The installed version of SeaMonkey is earlier than 2.0.14. Such versions are potentially affected by the following security issues :
- Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073)
- An error exists in the handling of Java applets that could allow sensitive form history data to be accessed.
(CVE-2011-0067)
- An error in the resource protocol could allow directory traversal. (CVE-2011-0071)
- Multiple memory safety issues could lead to application crashes and possibly remote code execution.
(CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080)
- An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)
{"nessus": [{"lastseen": "2022-11-23T15:59:55", "description": "The installed version of Firefox is earlier than 3.5.19. Such versions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073)\n\n - An error exists in the handling of Java applets that can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow a directory traversal attack. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Firefox < 3.5.19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-1202"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3519.NASL", "href": "https://www.tenable.com/plugins/nessus/53593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53593);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-0065\",\n \"CVE-2011-0066\",\n \"CVE-2011-0067\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0073\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47660,\n 47662,\n 47663,\n 47666,\n 47667,\n 47668\n );\n script_xref(name:\"EDB-ID\", value:\"17419\");\n script_xref(name:\"EDB-ID\", value:\"17520\");\n script_xref(name:\"EDB-ID\", value:\"17612\");\n script_xref(name:\"EDB-ID\", value:\"17650\");\n script_xref(name:\"EDB-ID\", value:\"17672\");\n script_xref(name:\"EDB-ID\", value:\"18377\");\n script_xref(name:\"Secunia\", value:\"44357\");\n\n script_name(english:\"Firefox < 3.5.19 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 3.5.19. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow a directory\n traversal attack. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-157/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-159/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82f2fc1c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.5.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.5.19', min:'3.5', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:55", "description": "Versions of Firefox earlier than 3.5.19 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n - Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)\n - A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)\n - The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)\n - The 'resource: ' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)\n - The XSLT 'generate-id()' function returns may return a string that reveals a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 3.5.19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0065", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-1202", "CVE-2011-0076"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "5900.PRM", "href": "https://www.tenable.com/plugins/nnm/5900", "sourceData": "Binary data 5900.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:54", "description": "Versions of Firefox earlier than 3.5.19 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n\n - Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)\n\n - A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)\n\n - The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)\n\n - The 'resource: ' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)\n\n - The XSLT 'generate-id()' function returns may return a string that reveals a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 3.5.19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0065", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-1202", "CVE-2011-0076"], "modified": "2011-04-29T00:00:00", "cpe": [], "id": "801247.PRM", "href": "https://www.tenable.com/plugins/lce/801247", "sourceData": "Binary data 801247.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-22T14:17:56", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110428_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61025);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=3138\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3390d95\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.6.17-2.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.6.17-1.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.2.17-3.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.2.17-3.el5_6\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-3.6.17-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.17-4.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.17-4.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:04:37", "description": "It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Thunderbird's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nIf plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1122-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55080", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1122-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55080);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_bugtraq_id(47641, 47646, 47647, 47648, 47651, 47653, 47654, 47655, 47656, 47659, 47662, 47663, 47666, 47667, 47668);\n script_xref(name:\"USN\", value:\"1122-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain\nJavaScript requests. If JavaScript were enabled, an attacker could\nexploit this to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. An attacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nThunderbird's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker sending a specially crafted\nE-Mail could exploit this to possibly run arbitrary code as the user\nrunning Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nIf plugins were enabled, an attacker could use this to mimic\ninteraction with form autocomplete controls and steal entries from the\nform history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1122-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:00:03", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/53580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0471. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53580);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1202\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0471\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0471\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.17-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.6.17-1.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.17-3.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.17-3.el5_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-3.6.17-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-3.6.17-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.17-4.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.17-4.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.17-4.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:05:33", "description": "USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty.\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Thunderbird's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : thunderbird vulnerabilities (USN-1122-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1122-2.NASL", "href": "https://www.tenable.com/plugins/nessus/55081", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1122-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55081);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_bugtraq_id(47641, 47646, 47647, 47648, 47651, 47653, 47654, 47655, 47656, 47659, 47662, 47663, 47666, 47667, 47668);\n script_xref(name:\"USN\", value:\"1122-2\");\n\n script_name(english:\"Ubuntu 11.04 : thunderbird vulnerabilities (USN-1122-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and\nMaverick. This update provides the corresponding fixes for Natty.\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled\ncertain JavaScript requests. If JavaScript were enabled, an\nattacker could exploit this to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling\nof a certain types of documents. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\nJesse Ruderman discovered several memory vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML\nrendering code. An attacker could exploit these to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0077,\nCVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the\nhandling of certain DOM elements. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free\nvulnerabilities in Thunderbird's mChannel and mObserverList\nobjects. An attacker could exploit these to possibly run\narbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the\nhandling of the nsTreeSelection element. An attacker sending\na specially crafted E-Mail could exploit this to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of\nJava applets. If plugins were enabled, an attacker could use\nthis to mimic interaction with form autocomplete controls\nand steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load\narbitrary files that were accessible to the user running\nThunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1122-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:04:57", "description": "USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience.\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Thunderbird's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : thunderbird regression (USN-1122-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird-globalmenu", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1122-3.NASL", "href": "https://www.tenable.com/plugins/nessus/55082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1122-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55082);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1122-3\");\n\n script_name(english:\"Ubuntu 11.04 : thunderbird regression (USN-1122-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A\nregression was introduced which caused Thunderbird to display an empty\nmenu bar. This update fixes the problem. We apologize for the\ninconvenience.\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Thunderbird.\n(CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled\ncertain JavaScript requests. If JavaScript were enabled, an\nattacker could exploit this to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling\nof a certain types of documents. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\nJesse Ruderman discovered several memory vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML\nrendering code. An attacker could exploit these to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An\nattacker could exploit these to possibly run arbitrary code\nas the user running Thunderbird. (CVE-2011-0077,\nCVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the\nhandling of certain DOM elements. An attacker could exploit\nthis to possibly run arbitrary code as the user running\nThunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free\nvulnerabilities in Thunderbird's mChannel and mObserverList\nobjects. An attacker could exploit these to possibly run\narbitrary code as the user running Thunderbird.\n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the\nhandling of the nsTreeSelection element. An attacker sending\na specially crafted E-Mail could exploit this to possibly\nrun arbitrary code as the user running Thunderbird.\n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of\nJava applets. If plugins were enabled, an attacker could use\nthis to mimic interaction with form autocomplete controls\nand steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource:\nprotocol. This could potentially allow an attacker to load\narbitrary files that were accessible to the user running\nThunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT\ngenerate-id() function. An attacker could possibly use this\nvulnerability to make other attacks more reliable.\n(CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1122-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird-globalmenu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-globalmenu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird-globalmenu\", pkgver:\"3.1.10+build1+nobinonly-0ubuntu0.11.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird-globalmenu\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:05:48", "description": "It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Firefox's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker serving malicious content could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nAn attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that were accessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-1112-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1112-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1112-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55070);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1112-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-1112-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse\nRuderman discovered several memory vulnerabilities. An attacker could\nexploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering\ncode. An attacker could exploit these to possibly run arbitrary code\nas the user running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of\ncertain DOM elements. An attacker could exploit this to possibly run\narbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in\nFirefox's mChannel and mObserverList objects. An attacker could\nexploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of\nthe nsTreeSelection element. An attacker serving malicious content\ncould exploit this to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets.\nAn attacker could use this to mimic interaction with form autocomplete\ncontrols and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol.\nThis could potentially allow an attacker to load arbitrary files that\nwere accessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1112-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner-1.9.2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"3.6.17+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner-1.9.2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:02:07", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-02T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : firefox (CESA-2011:0471)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/53598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0471 and \n# CentOS Errata and Security Advisory 2011:0471 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53598);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2011:0471)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017460.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b76e816\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cabd06ba\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e54017ae\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017471.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c2b0bf5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.17-2.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.17-2.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.6.17-1.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.17-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.17-3.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T14:36:29", "description": "From Red Hat Security Advisory 2011:0471 :\n\nUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-0471)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:xulrunner-devel", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/68261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0471 and \n# Oracle Linux Security Advisory ELSA-2011-0471 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68261);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"RHSA\", value:\"2011:0471\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-0471)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0471 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running Firefox.\n(CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values\nfor the 'rows' and 'cols' attributes could trigger this flaw, possibly\nleading to arbitrary code execution with the privileges of the user\nrunning Firefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web\npage with an iframe tag containing a specially crafted source address\ncould trigger this flaw, possibly leading to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee\nelements. A malformed HTML document could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection\nelement. Malformed content could cause Firefox to execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource://\nprotocol handler. Malicious content could cause Firefox to access\narbitrary files accessible to the user running Firefox.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Firefox to execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript\ncross-domain requests. If malicious content generated a large number\nof cross-domain JavaScript requests, it could cause Firefox to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history\ninformation. (CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This\nfunction returned the memory address of an object in memory, which\ncould possibly be used by attackers to bypass address randomization\nprotections. (CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.17. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.17, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002106.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.17-2.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.6.17-1.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.17-3.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.17-3.0.1.el5_6\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-3.6.17-1.0.1.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.17-4.0.1.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-1.9.2.17-4.0.1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:00:39", "description": "The installed version of Firefox 3.6 is earlier than 3.6.17. Such versions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073)\n\n - An error exists in the handling of Java applets that can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow directory traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Firefox 3.6 < 3.6.17 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3617.NASL", "href": "https://www.tenable.com/plugins/nessus/53594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53594);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-0065\",\n \"CVE-2011-0066\",\n \"CVE-2011-0067\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0073\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-0081\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47660,\n 47662,\n 47663,\n 47667,\n 47668\n );\n script_xref(name:\"EDB-ID\", value:\"17419\");\n script_xref(name:\"EDB-ID\", value:\"17520\");\n script_xref(name:\"EDB-ID\", value:\"17612\");\n script_xref(name:\"EDB-ID\", value:\"17650\");\n script_xref(name:\"EDB-ID\", value:\"17672\");\n script_xref(name:\"EDB-ID\", value:\"18377\");\n script_xref(name:\"Secunia\", value:\"44357\");\n\n script_name(english:\"Firefox 3.6 < 3.6.17 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox 3.6 is earlier than 3.6.17. Such\nversions are potentially affected by the following security issues :\n\n - Multiple use-after-free errors exist in the handling of\n the object attributes 'mChannel', 'mObserverList' and\n 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, \n CVE-2011-0073)\n\n - An error exists in the handling of Java applets that\n can allow sensitive form history data to be accessed.\n (CVE-2011-0067)\n\n - An error in the resource protocol can allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-157/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-159/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cbff22e\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.6.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.17', min:'3.6', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:03:34", "description": "Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 'regenrecht' discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.\n\n - CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history.\n\n - CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-11T00:00:00", "type": "nessus", "title": "Debian DSA-2235-1 : icedove - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2235.NASL", "href": "https://www.tenable.com/plugins/nessus/53862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2235. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53862);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"DSA\", value:\"2235\");\n\n script_name(english:\"Debian DSA-2235-1 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support\nfor the Icedove packages in the oldstable needed to be stopped before\nthe end of the regular Lenny security maintenance life cycle. You are\nstrongly encouraged to upgrade to stable or switch to a different mail\nclient.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2235\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedove\", reference:\"3.0.11-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dbg\", reference:\"3.0.11-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icedove-dev\", reference:\"3.0.11-1+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:02:50", "description": "Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 'regenrecht' discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.\n\n - CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history.\n\n - CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package only provides the XPCOM code.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-02T00:00:00", "type": "nessus", "title": "Debian DSA-2227-1 : iceape - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceape", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2227.NASL", "href": "https://www.tenable.com/plugins/nessus/53602", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2227. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53602);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"DSA\", value:\"2227\");\n\n script_name(english:\"Debian DSA-2227-1 : iceape - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\n\nThe oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceape\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2227\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceape packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"iceape\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-browser\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-chatzilla\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dbg\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-dev\", reference:\"2.0.11-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceape-mailnews\", reference:\"2.0.11-5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:01:27", "description": "Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 'regenrecht' discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.\n\n - CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history.\n\n - CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-02T00:00:00", "type": "nessus", "title": "Debian DSA-2228-1 : iceweasel - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2228.NASL", "href": "https://www.tenable.com/plugins/nessus/53603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2228. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53603);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"DSA\", value:\"2228\");\n\n script_name(english:\"Debian DSA-2228-1 : iceweasel - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox :\n\n - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074\n CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080\n CVE-2011-0081\n 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and\n Martin Barbella discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.\n\n - CVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n 'regenrecht' discovered several dangling pointer\n vulnerabilities, which may lead to the execution of\n arbitrary code.\n\n - CVE-2011-0067\n Paul Stone discovered that Java applets could steal\n information from the autocompletion history.\n\n - CVE-2011-0071\n Soroush Dalili discovered a directory traversal\n vulnerability in handling resource URIs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2228\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the oldstable distribution (lenny), this problem will be fixed\nsoon with updated packages of the xulrunner source package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"iceweasel\", reference:\"3.5.16-7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"iceweasel-dbg\", reference:\"3.5.16-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:04:14", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Mozilla-XULrunner (SAT Patch Number 4461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_MOZILLA-XULRUNNER191-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53648);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla-XULrunner (SAT Patch Number 4461)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6\n (CVE-2011-0081) The web development team of Alcidion\n reported a crash that affected Firefox 4, Firefox 3.6\n and Firefox 3.5. (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4461.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:02:50", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner191", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other", "p-cpe:/a:novell:opensuse:python-xpcom191", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_MOZILLA-XULRUNNER191-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner191-4456.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53779);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)\");\n script_summary(english:\"Check for the mozilla-xulrunner191-4456 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner191 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom191\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-devel-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-common-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-other-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-xpcom191-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner191\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:02:52", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7493)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER191-7493.NASL", "href": "https://www.tenable.com/plugins/nessus/53650", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53650);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7493)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n - Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7493.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:11:30", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7492)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER191-7492.NASL", "href": "https://www.tenable.com/plugins/nessus/57228", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57228);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7492.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner191-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner191-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-27T14:25:01", "description": "Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner191", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other", "p-cpe:/a:novell:opensuse:python-xpcom191", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_MOZILLA-XULRUNNER191-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-xulrunner191-4456.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75675);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)\");\n script_summary(english:\"Check for the mozilla-xulrunner191-4456 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-xulrunner191 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom191\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-devel-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-translations-common-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner191-translations-other-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"python-xpcom191-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner191\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:04:14", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53800);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-27T14:21:00", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/76019", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76019);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-27T14:24:10", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75738);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:55", "description": "Versions of Firefox 3.6.x earlier than 3.6.17 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n - Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)\n - A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)\n - The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)\n - The 'resource: ' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)\n - The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Firefox 3.6.x < 3.6.17 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0065", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-1202", "CVE-2011-0076"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "5901.PRM", "href": "https://www.tenable.com/plugins/nnm/5901", "sourceData": "Binary data 5901.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:11", "description": "Versions of SeaMonkey earlier than 2.0.14 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n\n - Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)\n\n - A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)\n\n - The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of SeaMonkey could be exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)\n\n - The 'resource: ' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)\n\n - The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-03-25T00:00:00", "type": "nessus", "title": "SeaMonkey < 2.0.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0065", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-1202", "CVE-2011-0076"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*"], "id": "5904.PRM", "href": "https://www.tenable.com/plugins/nnm/5904", "sourceData": "Binary data 5904.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:09", "description": "Versions of SeaMonkey earlier than 2.0.14 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n\n - Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)\n\n - A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)\n\n - The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of SeaMonkey could be exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)\n\n - The 'resource: ' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)\n\n - The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": null, "vector": null}, "published": "2011-03-25T00:00:00", "type": "nessus", "title": "Mozilla SeaMonkey < 2.0.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0065", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-1202", "CVE-2011-0076"], "modified": "2011-03-25T00:00:00", "cpe": [], "id": "801324.PRM", "href": "https://www.tenable.com/plugins/lce/801324", "sourceData": "Binary data 801324.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:54", "description": "Versions of Firefox 3.6.x earlier than 3.6.17 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n\n - Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)\n\n - A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)\n\n - The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)\n\n - The 'resource: ' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)\n\n - The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Firefox 3.6.x < 3.6.17 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0065", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-1202", "CVE-2011-0076"], "modified": "2011-04-29T00:00:00", "cpe": [], "id": "801238.PRM", "href": "https://www.tenable.com/plugins/lce/801238", "sourceData": "Binary data 801238.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:11:07", "description": "Mozilla Firefox was updated to the 3.6.17 security release.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067)\n\n - David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA 2011-15 / CVE-2011-0076)\n\n - Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed.\n (MFSA 2011-16 / CVE-2011-0071)\n\n - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7490)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-7490.NASL", "href": "https://www.tenable.com/plugins/nessus/57148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57148);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7490)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 3.6.17 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - David Remahl of Apple Product Security reported that the\n Java Embedding Plugin (JEP) shipped with the Mac OS X\n versions of Firefox could be exploited to obtain\n elevated access to resources on a user's system. (MFSA\n 2011-15 / CVE-2011-0076)\n\n - Security researcher Soroush Dalili reported that the\n resource: protocol could be exploited to allow directory\n traversal on Windows and the potential loading of\n resources from non-permitted locations. The impact would\n depend on whether interesting files existed in\n predictable locations in a useful format. For example,\n the existence or non-existence of particular images\n might indicate whether certain software was installed.\n (MFSA 2011-16 / CVE-2011-0071)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-15/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7490.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-3.6.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-translations-3.6.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-xulrunner192-translations-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-3.6.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-translations-3.6.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-xulrunner192-translations-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.17-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:04:15", "description": "Mozilla Firefox was updated to the 3.6.17 security release.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067)\n\n - David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA 2011-15 / CVE-2011-0076)\n\n - Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed.\n (MFSA 2011-16 / CVE-2011-0071)\n\n - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7491)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-7491.NASL", "href": "https://www.tenable.com/plugins/nessus/53649", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53649);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 3.6.17 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069)\n\n Ian Beer reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - David Remahl of Apple Product Security reported that the\n Java Embedding Plugin (JEP) shipped with the Mac OS X\n versions of Firefox could be exploited to obtain\n elevated access to resources on a user's system. (MFSA\n 2011-15 / CVE-2011-0076)\n\n - Security researcher Soroush Dalili reported that the\n resource: protocol could be exploited to allow directory\n traversal on Windows and the potential loading of\n resources from non-permitted locations. The impact would\n depend on whether interesting files existed in\n predictable locations in a useful format. For example,\n the existence or non-existence of particular images\n might indicate whether certain software was installed.\n (MFSA 2011-16 / CVE-2011-0071)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-15/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7491.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-3.6.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-translations-3.6.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner192-translations-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.17-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.17-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:02:06", "description": "Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system (CVE-2011-1202).\n\nSecurity researcher Soroush Dalili reported that the resource:\nprotocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations.\nThe impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071).\n\nDavid Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system (CVE-2011-0076).\n\nSecurity researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history (CVE-2011-0067).\n\nSecurity researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073).\n\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).\n\nAdditionally the sqlite3 packages were upgraded to the 3.7.6.2 version. A new package that provides /usr/bin/lemon was added. The lemon software was previousely provided with sqlite3 and is used in some cases when building php.\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nAdditionally, some packages which require so, have been rebuilt and are being provided as updates.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-02T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2011:079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:beagle", "p-cpe:/a:mandriva:linux:beagle-crawl-system", "p-cpe:/a:mandriva:linux:beagle-doc", "p-cpe:/a:mandriva:linux:beagle-epiphany", "p-cpe:/a:mandriva:linux:beagle-evolution", "p-cpe:/a:mandriva:linux:beagle-gui", "p-cpe:/a:mandriva:linux:beagle-gui-qt", "p-cpe:/a:mandriva:linux:beagle-libs", "p-cpe:/a:mandriva:linux:devhelp", "p-cpe:/a:mandriva:linux:devhelp-plugins", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:firefox", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-bn", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:firefox-devel", "p-cpe:/a:mandriva:linux:firefox-el", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:firefox-eo", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:firefox-ext-beagle", "p-cpe:/a:mandriva:linux:firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko", "p-cpe:/a:mandriva:linux:firefox-ext-plasmanotify", "p-cpe:/a:mandriva:linux:firefox-ext-r-kiosk", "p-cpe:/a:mandriva:linux:firefox-ext-scribefire", "p-cpe:/a:mandriva:linux:firefox-ext-weave-sync", "p-cpe:/a:mandriva:linux:firefox-ext-xmarks", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-he", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:firefox-ka", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:firefox-ku", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:firefox-mk", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:firefox-oc", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-sr", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:firefox-te", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:firefox-theme-kfirefox", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:gjs", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:gnome-python-gtkspell", "p-cpe:/a:mandriva:linux:google-gadgets-common", "p-cpe:/a:mandriva:linux:google-gadgets-gtk", "p-cpe:/a:mandriva:linux:google-gadgets-qt", "p-cpe:/a:mandriva:linux:lemon", "p-cpe:/a:mandriva:linux:lib64devhelp-1-devel", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0", "p-cpe:/a:mandriva:linux:lib64ggadget-dbus1.0_0", "p-cpe:/a:mandriva:linux:lib64ggadget-gtk1.0_0", "p-cpe:/a:mandriva:linux:lib64ggadget-js1.0_0", "p-cpe:/a:mandriva:linux:lib64ggadget-npapi1.0_0", "p-cpe:/a:mandriva:linux:lib64ggadget-qt1.0_0", "p-cpe:/a:mandriva:linux:lib64ggadget-webkitjs0", "p-cpe:/a:mandriva:linux:lib64ggadget-xdg1.0_0", "p-cpe:/a:mandriva:linux:lib64ggadget1.0_0", "p-cpe:/a:mandriva:linux:lib64gjs-devel", "p-cpe:/a:mandriva:linux:lib64gjs0", "p-cpe:/a:mandriva:linux:lib64google-gadgets-devel", "p-cpe:/a:mandriva:linux:lib64opensc-devel", "p-cpe:/a:mandriva:linux:lib64opensc2", "p-cpe:/a:mandriva:linux:lib64sqlite3-devel", "p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel", "p-cpe:/a:mandriva:linux:lib64sqlite3_0", "p-cpe:/a:mandriva:linux:lib64xulrunner-devel", "p-cpe:/a:mandriva:linux:lib64xulrunner1.9.2.17", "p-cpe:/a:mandriva:linux:libdevhelp-1-devel", "p-cpe:/a:mandriva:linux:libdevhelp-1_0", "p-cpe:/a:mandriva:linux:libggadget-dbus1.0_0", "p-cpe:/a:mandriva:linux:libggadget-gtk1.0_0", "p-cpe:/a:mandriva:linux:libggadget-js1.0_0", "p-cpe:/a:mandriva:linux:libggadget-npapi1.0_0", "p-cpe:/a:mandriva:linux:libggadget-qt1.0_0", "p-cpe:/a:mandriva:linux:libggadget-webkitjs0", "p-cpe:/a:mandriva:linux:libggadget-xdg1.0_0", "p-cpe:/a:mandriva:linux:libggadget1.0_0", "p-cpe:/a:mandriva:linux:libgjs-devel", "p-cpe:/a:mandriva:linux:libgjs0", "p-cpe:/a:mandriva:linux:libgoogle-gadgets-devel", "p-cpe:/a:mandriva:linux:libopensc-devel", "p-cpe:/a:mandriva:linux:libopensc2", "p-cpe:/a:mandriva:linux:libsqlite3-devel", "p-cpe:/a:mandriva:linux:libsqlite3-static-devel", "p-cpe:/a:mandriva:linux:libsqlite3_0", "p-cpe:/a:mandriva:linux:libxulrunner-devel", "p-cpe:/a:mandriva:linux:libxulrunner1.9.2.17", "p-cpe:/a:mandriva:linux:mozilla-plugin-opensc", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle", "p-cpe:/a:mandriva:linux:opensc", "p-cpe:/a:mandriva:linux:sqlite3-tools", "p-cpe:/a:mandriva:linux:xulrunner", "p-cpe:/a:mandriva:linux:yelp", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-079.NASL", "href": "https://www.tenable.com/plugins/nessus/53616", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:079. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53616);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"MDVSA\", value:\"2011:079\");\n\n script_name(english:\"Mandriva Linux Security Advisory : firefox (MDVSA-2011:079)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans of the Chrome Security Team reported that the XSLT\ngenerate-id() function returned a string that revealed a specific\nvalid address of an object on the memory heap. It is possible that in\nsome cases this address would be valuable information that could be\nused by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around\nmitigation features in the browser or operating system\n(CVE-2011-1202).\n\nSecurity researcher Soroush Dalili reported that the resource:\nprotocol could be exploited to allow directory traversal on Windows\nand the potential loading of resources from non-permitted locations.\nThe impact would depend on whether interesting files existed in\npredictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed (CVE-2011-0071).\n\nDavid Remahl of Apple Product Security reported that the Java\nEmbedding Plugin (JEP) shipped with the Mac OS X versions of Firefox\ncould be exploited to obtain elevated access to resources on a user's\nsystem (CVE-2011-0076).\n\nSecurity researcher Paul Stone reported that a Java applet could be\nused to mimic interaction with form autocomplete controls and steal\nentries from the form history (CVE-2011-0067).\n\nSecurity researcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065,\nCVE-2011-0066, CVE-2011-0073).\n\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2011-0081,\nCVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,\nCVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).\n\nAdditionally the sqlite3 packages were upgraded to the 3.7.6.2\nversion. A new package that provides /usr/bin/lemon was added. The\nlemon software was previousely provided with sqlite3 and is used in\nsome cases when building php.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7cbff22e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-crawl-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-plasmanotify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-r-kiosk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-weave-sync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-xmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-theme-kfirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gjs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:google-gadgets-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:google-gadgets-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:google-gadgets-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-dbus1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-gtk1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-js1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-npapi1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-qt1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-webkitjs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget-xdg1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ggadget1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gjs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gjs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64google-gadgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64opensc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64opensc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner1.9.2.17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-dbus1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-gtk1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-js1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-npapi1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-qt1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-webkitjs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget-xdg1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libggadget1.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgjs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgjs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgoogle-gadgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopensc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopensc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsqlite3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsqlite3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsqlite3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner1.9.2.17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-plugin-opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opensc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sqlite3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-crawl-system-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-doc-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-epiphany-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-evolution-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-qt-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-libs-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-0.21-3.25mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-plugins-0.21-3.25mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-2.24.3-0.14mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-devel-2.24.3-0.14mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-af-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ar-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-be-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bg-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bn-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ca-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cs-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cy-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-da-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-de-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-devel-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-el-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-en_GB-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eo-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_AR-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_ES-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-et-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eu-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-beagle-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-blogrovr-1.1.804-0.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-mozvoikko-1.0-0.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-scribefire-3.5.1-0.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-xmarks-3.5.10-0.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fi-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fr-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fy-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ga_IE-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gl-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gu_IN-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-he-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hi-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hu-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-id-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-is-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-it-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ja-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ka-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-kn-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ko-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ku-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lt-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lv-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mk-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mr-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nb_NO-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nl-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nn_NO-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-oc-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pa_IN-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pl-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_BR-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_PT-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ro-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ru-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-si-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sk-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sl-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sq-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sr-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sv_SE-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-te-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-th-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-theme-kfirefox-0.16-0.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-tr-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-uk-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_CN-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_TW-3.6.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-extras-2.19.1-20.27mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-2.19.1-20.27mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-devel-2.19.1-20.27mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gdl-2.19.1-20.27mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkhtml2-2.19.1-20.27mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkmozembed-2.19.1-20.27mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkspell-2.19.1-20.27mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lemon-3.7.4-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.21-3.25mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.21-3.25mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64sqlite3-devel-3.7.6.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64sqlite3-static-devel-3.7.6.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64sqlite3_0-3.7.6.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.2.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9.2.17-1.9.2.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.21-3.25mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.21-3.25mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsqlite3-devel-3.7.6.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsqlite3-static-devel-3.7.6.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsqlite3_0-3.7.6.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.2.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner1.9.2.17-1.9.2.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-beagle-0.3.8-13.36mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"sqlite3-tools-3.7.6.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xulrunner-1.9.2.17-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"yelp-2.24.0-3.28mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-crawl-system-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-doc-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-evolution-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-qt-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-libs-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-af-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ar-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-be-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-bg-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-bn-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ca-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-cs-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-cy-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-da-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-de-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-devel-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-el-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-en_GB-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-eo-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-es_AR-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-es_ES-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-et-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-eu-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-beagle-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-blogrovr-1.1.804-6.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-mozvoikko-1.0-6.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-plasmanotify-0.3.1-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-r-kiosk-0.7.2-9.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-scribefire-3.5.1-0.13mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fi-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fr-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fy-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ga_IE-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-gl-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-gu_IN-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-he-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-hi-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-hu-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-id-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-is-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-it-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ja-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ka-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-kn-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ko-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ku-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-lt-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-lv-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-mk-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-mr-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nb_NO-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nl-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nn_NO-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-oc-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pa_IN-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pl-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pt_BR-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pt_PT-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ro-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ru-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-si-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sk-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sl-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sq-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sr-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sv_SE-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-te-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-th-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-theme-kfirefox-0.16-7.18mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-tr-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-uk-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-zh_CN-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-zh_TW-3.6.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-extras-2.25.3-10.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gda-2.25.3-10.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gda-devel-2.25.3-10.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gdl-2.25.3-10.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gtkhtml2-2.25.3-10.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gtkmozembed-2.25.3-10.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"gnome-python-gtkspell-2.25.3-10.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"google-gadgets-common-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"google-gadgets-gtk-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"google-gadgets-qt-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lemon-3.7.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-dbus1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-gtk1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-js1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-npapi1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-qt1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-webkitjs0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget-xdg1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ggadget1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64google-gadgets-devel-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64opensc-devel-0.11.9-1.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64opensc2-0.11.9-1.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64sqlite3-devel-3.7.6.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64sqlite3-static-devel-3.7.6.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64sqlite3_0-3.7.6.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.2.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9.2.17-1.9.2.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-dbus1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-gtk1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-js1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-npapi1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-qt1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-webkitjs0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget-xdg1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libggadget1.0_0-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libgoogle-gadgets-devel-0.11.2-0.14mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libopensc-devel-0.11.9-1.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libopensc2-0.11.9-1.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsqlite3-devel-3.7.6.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsqlite3-static-devel-3.7.6.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsqlite3_0-3.7.6.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.2.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libxulrunner1.9.2.17-1.9.2.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-plugin-opensc-0.11.9-1.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-beagle-0.3.9-20.24mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"opensc-0.11.9-1.19mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"sqlite3-tools-3.7.6.2-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"xulrunner-1.9.2.17-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"yelp-2.28.0-1.21mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-crawl-system-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-doc-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-evolution-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-gui-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-gui-qt-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-libs-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-af-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ar-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-be-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bg-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bn-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ca-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-cs-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-cy-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-da-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-de-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-devel-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-el-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-en_GB-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-eo-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_AR-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_ES-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-et-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-eu-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-beagle-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-blogrovr-1.1.804-13.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-mozvoikko-1.0.1-2.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-r-kiosk-0.8.1-2.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-scribefire-3.5.2-2.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-weave-sync-1.1-5.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-xmarks-3.6.14-2.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fi-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fr-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fy-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ga_IE-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-gl-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-gu_IN-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-he-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hi-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hu-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-id-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-is-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-it-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ja-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ka-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-kn-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ko-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ku-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-lt-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-lv-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-mk-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-mr-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nb_NO-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nl-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nn_NO-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-oc-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pa_IN-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pl-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pt_BR-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pt_PT-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ro-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ru-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-si-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sk-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sl-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sq-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sr-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sv_SE-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-te-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-th-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-tr-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-uk-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-zh_CN-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-zh_TW-3.6.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gjs-0.6-4.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnome-python-extras-2.25.3-18.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnome-python-gda-2.25.3-18.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnome-python-gda-devel-2.25.3-18.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnome-python-gdl-2.25.3-18.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnome-python-gtkhtml2-2.25.3-18.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnome-python-gtkmozembed-2.25.3-18.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnome-python-gtkspell-2.25.3-18.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"lemon-3.7.4-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64gjs-devel-0.6-4.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64gjs0-0.6-4.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64sqlite3-devel-3.7.6.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64sqlite3-static-devel-3.7.6.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64sqlite3_0-3.7.6.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.2.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9.2.17-1.9.2.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libgjs-devel-0.6-4.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libgjs0-0.6-4.11mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsqlite3-devel-3.7.6.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsqlite3-static-devel-3.7.6.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsqlite3_0-3.7.6.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.2.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxulrunner1.9.2.17-1.9.2.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-beagle-0.3.9-40.14mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"sqlite3-tools-3.7.6.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"xulrunner-1.9.2.17-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"yelp-2.30.1-4.11mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:02:52", "description": "Mozilla Firefox was updated to the 3.6.17 security release.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n - The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067)\n\n - David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA 2011-15 / CVE-2011-0076)\n\n - Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed.\n (MFSA 2011-16 / CVE-2011-0071)\n\n - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 4463)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_MOZILLAFIREFOX-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53647", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53647);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 4463)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 3.6.17 security release.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. Credits. (MFSA 2011-12)\n\n Mozilla developer Scoobidiver reported a memory safety\n issue which affected Firefox 4 and Firefox 3.6.\n (CVE-2011-0081)\n\n - The web development team of Alcidion reported a crash\n that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n (CVE-2011-0069) Ian Beer reported a crash that affected\n Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco\n Bonardo, Mats Palmgren and Jesse Ruderman reported\n memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. (CVE-2011-0080)\n\n Aki Helin reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 /\n CVE-2011-0075)\n\n Ian Beer reported memory safety issues which affected\n Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 /\n CVE-2011-0078)\n\n Martin Barbella reported a memory safety issue which\n affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\n - Security researcher regenrecht reported several dangling\n pointer vulnerabilities via TippingPoint's Zero Day\n Initiative. (MFSA 2011-13 / CVE-2011-0065 /\n CVE-2011-0066 / CVE-2011-0073)\n\n - Security researcher Paul Stone reported that a Java\n applet could be used to mimic interaction with form\n autocomplete controls and steal entries from the form\n history. (MFSA 2011-14 / CVE-2011-0067)\n\n - David Remahl of Apple Product Security reported that the\n Java Embedding Plugin (JEP) shipped with the Mac OS X\n versions of Firefox could be exploited to obtain\n elevated access to resources on a user's system. (MFSA\n 2011-15 / CVE-2011-0076)\n\n - Security researcher Soroush Dalili reported that the\n resource: protocol could be exploited to allow directory\n traversal on Windows and the potential loading of\n resources from non-permitted locations. The impact would\n depend on whether interesting files existed in\n predictable locations in a useful format. For example,\n the existence or non-existence of particular images\n might indicate whether certain software was installed.\n (MFSA 2011-16 / CVE-2011-0071)\n\n - Chris Evans of the Chrome Security Team reported that\n the XSLT generate-id() function returned a string that\n revealed a specific valid address of an object on the\n memory heap. It is possible that in some cases this\n address would be valuable information that could be used\n by an attacker while exploiting a different memory\n corruption but, in order to make an exploit more\n reliable or work around mitigation features in the\n browser or operating system. (MFSA 2011-18 /\n CVE-2011-1202)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1202.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4463.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-3.6.17-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.17-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.17-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.17-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-3.6.17-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-3.6.17-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-translations-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:01:26", "description": "Mozilla Firefox was updated to the 3.6.17 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.\n\nMFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system.\n\nMFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format.\nFor example, the existence or non-existence of particular images might indicate whether certain software was installed. \n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_MOZILLAFIREFOX-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-4459.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53772);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)\");\n script_summary(english:\"Check for the MozillaFirefox-4459 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 3.6.17 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\n\nMFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security\nreported that the Java Embedding Plugin (JEP) shipped with the Mac OS\nX versions of Firefox could be exploited to obtain elevated access to\nresources on a user's system.\n\nMFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili\nreported that the resource: protocol could be exploited to allow\ndirectory traversal on Windows and the potential loading of resources\nfrom non-permitted locations. The impact would depend on whether\ninteresting files existed in predictable locations in a useful format.\nFor example, the existence or non-existence of particular images might\nindicate whether certain software was installed. \n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-branding-upstream-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-common-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-other-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-js192-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-devel-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.17-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-27T14:25:01", "description": "Mozilla XULRunner 1.9.2 was updated to the 1.9.2.17 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.\n\nMFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system.\n\nMFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format.\nFor example, the existence or non-existence of particular images might indicate whether certain software was installed.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mozilla-js192 (mozilla-js192-4460)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MOZILLA-JS192-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mozilla-js192-4460.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75956);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : mozilla-js192 (mozilla-js192-4460)\");\n script_summary(english:\"Check for the mozilla-js192-4460 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XULRunner 1.9.2 was updated to the 1.9.2.17 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\n\nMFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security\nreported that the Java Embedding Plugin (JEP) shipped with the Mac OS\nX versions of Firefox could be exploited to obtain elevated access to\nresources on a user's system.\n\nMFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili\nreported that the resource: protocol could be exploited to allow\ndirectory traversal on Windows and the potential loading of resources\nfrom non-permitted locations. The impact would depend on whether\ninteresting files existed in predictable locations in a useful format.\nFor example, the existence or non-existence of particular images might\nindicate whether certain software was installed.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-js192 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js192-debuginfo-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debuginfo-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-debugsource-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-devel-debuginfo-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-gnome-debuginfo-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js192-debuginfo-32bit-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-debuginfo-32bit-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.17-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.17-0.2.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-xulrunner192\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-27T14:20:54", "description": "Mozilla Firefox was updated to the 3.6.17 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.\n\nMFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system.\n\nMFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format.\nFor example, the existence or non-existence of particular images might indicate whether certain software was installed. \n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_MOZILLAFIREFOX-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75652", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-4459.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75652);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)\");\n script_summary(english:\"Check for the MozillaFirefox-4459 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 3.6.17 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\n\nMFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security\nreported that the Java Embedding Plugin (JEP) shipped with the Mac OS\nX versions of Firefox could be exploited to obtain elevated access to\nresources on a user's system.\n\nMFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili\nreported that the resource: protocol could be exploited to allow\ndirectory traversal on Windows and the potential loading of resources\nfrom non-permitted locations. The impact would depend on whether\ninteresting files existed in predictable locations in a useful format.\nFor example, the existence or non-existence of particular images might\nindicate whether certain software was installed. \n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-branding-upstream-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-common-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-other-3.6.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-js192-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-devel-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-gnome-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.17-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.17-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:57", "description": "The installed version of Thunderbird 3.1 is earlier than 3.1.10. Such versions are potentially affected by the following security issues :\n\n - An error in the resource protocol can allow directory traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird 3.1 < 3.1.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_3110.NASL", "href": "https://www.tenable.com/plugins/nessus/53596", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53596);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-0081\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47666\n );\n script_xref(name:\"Secunia\", value:\"44407\");\n\n script_name(english:\"Mozilla Thunderbird 3.1 < 3.1.10 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 3.1 is earlier than 3.1.10. \nSuch versions are potentially affected by the following security\nissues :\n\n - An error in the resource protocol can allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?353363cb\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 3.1.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'3.1.10', min:'3.1.0', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:04", "description": "Security issues were identified and fixed in mozilla-thunderbird :\n\nSecurity researcher Soroush Dalili reported that the resource:\nprotocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations.\nThe impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071).\n\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).\n\nThe mozilla-thunderbird-lightning package shipped with MDVSA-2011:042 had a packaging bug that prevented extension to be loaded (#59951).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nAdditionally, some packages which require so, have been rebuilt and are being provided as updates.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-02T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:beagle", "p-cpe:/a:mandriva:linux:beagle-crawl-system", "p-cpe:/a:mandriva:linux:beagle-doc", "p-cpe:/a:mandriva:linux:beagle-epiphany", "p-cpe:/a:mandriva:linux:beagle-evolution", "p-cpe:/a:mandriva:linux:beagle-gui", "p-cpe:/a:mandriva:linux:beagle-gui-qt", "p-cpe:/a:mandriva:linux:beagle-libs", "p-cpe:/a:mandriva:linux:firefox-ext-beagle", "p-cpe:/a:mandriva:linux:mozilla-thunderbird", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-af", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-be", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-da", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-et", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-he", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-id", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-is", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ka", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-si", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW", "p-cpe:/a:mandriva:linux:nsinstall", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-080.NASL", "href": "https://www.tenable.com/plugins/nessus/53617", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:080. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53617);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"MDVSA\", value:\"2011:080\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in mozilla-thunderbird :\n\nSecurity researcher Soroush Dalili reported that the resource:\nprotocol could be exploited to allow directory traversal on Windows\nand the potential loading of resources from non-permitted locations.\nThe impact would depend on whether interesting files existed in\npredictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed (CVE-2011-0071).\n\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2011-0081,\nCVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,\nCVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).\n\nThe mozilla-thunderbird-lightning package shipped with MDVSA-2011:042\nhad a packaging bug that prevented extension to be loaded (#59951).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozillamessaging.com/en-US/thunderbird/3.1.10/releasenotes/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-crawl-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nsinstall\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-crawl-system-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-doc-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-epiphany-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-evolution-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-qt-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-libs-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-beagle-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-af-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ar-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-be-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-beagle-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-bg-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ca-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-cs-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-da-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-de-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-el-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-et-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-eu-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-fi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-fr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-fy-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ga-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-gd-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-gl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-he-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-hu-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-id-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-is-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-it-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ja-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ka-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ko-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-lightning-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-lt-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-nl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ro-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ru-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-si-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sk-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sq-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-tr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-uk-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-vi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nsinstall-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-crawl-system-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-doc-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-evolution-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-qt-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-libs-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-beagle-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-af-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ar-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-be-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-beagle-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-bg-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ca-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-cs-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-da-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-de-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-el-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-et-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-eu-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-fi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-fr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-fy-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ga-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-gd-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-gl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-he-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-hu-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-id-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-is-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-it-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ja-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ka-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ko-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-lightning-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-lt-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-nl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ro-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ru-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-si-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sk-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sq-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-tr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-uk-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-vi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nsinstall-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-crawl-system-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-doc-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-evolution-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-gui-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-gui-qt-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-libs-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-beagle-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-af-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ar-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-be-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-beagle-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bg-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ca-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-cs-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-da-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-de-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-el-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-et-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-eu-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fy-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ga-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gd-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-he-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-hu-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-id-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-is-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-it-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ja-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ka-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ko-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lightning-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lt-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ro-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ru-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-si-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sk-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sq-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-tr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-uk-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-vi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nsinstall-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:56", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements. A malformed HTML document could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element. Malformed content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "RHEL 4 : seamonkey (RHSA-2011:0473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2011-0473.NASL", "href": "https://www.tenable.com/plugins/nessus/53582", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0473. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53582);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n script_xref(name:\"RHSA\", value:\"2011:0473\");\n\n script_name(english:\"RHEL 4 : seamonkey (RHSA-2011:0473)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the\nHTML frameset tag. A web page with a frameset tag containing large\nvalues for the 'rows' and 'cols' attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of\nthe user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A\nweb page with an iframe tag containing a specially crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee\nelements. A malformed HTML document could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection\nelement. Malformed content could cause SeaMonkey to execute arbitrary\ncode with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame\nand iframe elements to a DOM tree when the NoScript add-on was\nenabled. Malicious HTML content could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0473\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0473\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-70.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-70.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-70.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-70.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-70.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-70.el4_8\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:48", "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements. A malformed HTML document could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element. Malformed content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110428_SEAMONKEY_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61027", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61027);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the\nHTML frameset tag. A web page with a frameset tag containing large\nvalues for the 'rows' and 'cols' attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of\nthe user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A\nweb page with an iframe tag containing a specially crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee\nelements. A malformed HTML document could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection\nelement. Malformed content could cause SeaMonkey to execute arbitrary\ncode with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame\nand iframe elements to a DOM tree when the NoScript add-on was\nenabled. Malicious HTML content could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=3458\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26d91f2d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-70.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-70.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-70.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-70.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-70.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-70.el4_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:19", "description": "From Red Hat Security Advisory 2011:0473 :\n\nUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements. A malformed HTML document could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element. Malformed content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : seamonkey (ELSA-2011-0473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-chat", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-mail", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-0473.NASL", "href": "https://www.tenable.com/plugins/nessus/68263", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0473 and \n# Oracle Linux Security Advisory ELSA-2011-0473 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68263);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n script_xref(name:\"RHSA\", value:\"2011:0473\");\n\n script_name(english:\"Oracle Linux 4 : seamonkey (ELSA-2011-0473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0473 :\n\nUpdated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the\nHTML frameset tag. A web page with a frameset tag containing large\nvalues for the 'rows' and 'cols' attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of\nthe user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A\nweb page with an iframe tag containing a specially crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee\nelements. A malformed HTML document could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection\nelement. Malformed content could cause SeaMonkey to execute arbitrary\ncode with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame\nand iframe elements to a DOM tree when the NoScript add-on was\nenabled. Malicious HTML content could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002108.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-70.0.1.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-70.0.1.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-70.0.1.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-70.0.1.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-70.0.1.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-70.0.1.el4_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:56", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements. A malformed HTML document could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element. Malformed content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-02T00:00:00", "type": "nessus", "title": "CentOS 4 : seamonkey (CESA-2011:0473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:seamonkey", "p-cpe:/a:centos:centos:seamonkey-chat", "p-cpe:/a:centos:centos:seamonkey-devel", "p-cpe:/a:centos:centos:seamonkey-dom-inspector", "p-cpe:/a:centos:centos:seamonkey-js-debugger", "p-cpe:/a:centos:centos:seamonkey-mail", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2011-0473.NASL", "href": "https://www.tenable.com/plugins/nessus/53600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0473 and \n# CentOS Errata and Security Advisory 2011:0473 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53600);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n script_xref(name:\"RHSA\", value:\"2011:0473\");\n\n script_name(english:\"CentOS 4 : seamonkey (CESA-2011:0473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could possibly lead to arbitrary\ncode execution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user\nvisited a malicious web page, it could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the\nHTML frameset tag. A web page with a frameset tag containing large\nvalues for the 'rows' and 'cols' attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of\nthe user running SeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A\nweb page with an iframe tag containing a specially crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee\nelements. A malformed HTML document could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection\nelement. Malformed content could cause SeaMonkey to execute arbitrary\ncode with the privileges of the user running SeaMonkey.\n(CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame\nand iframe elements to a DOM tree when the NoScript add-on was\nenabled. Malicious HTML content could cause SeaMonkey to execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017468.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a261e2a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017469.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd258156\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-70.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-70.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:59", "description": "An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource:// protocol handler. Malicious content could cause Thunderbird to access arbitrary files accessible to the user running Thunderbird.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled 'application/http-index-format' documents. A malformed HTTP response could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "RHEL 6 : thunderbird (RHSA-2011:0475)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0475.NASL", "href": "https://www.tenable.com/plugins/nessus/53584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0475. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53584);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"RHSA\", value:\"2011:0475\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2011:0475)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead\nto arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird\nhandled out-of-memory conditions. If all memory was consumed when a\nuser viewed a malicious HTML mail message, it could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the\nHTML frameset tag. An HTML mail message with a frameset tag containing\nlarge values for the 'rows' and 'cols' attributes could trigger this\nflaw, possibly leading to arbitrary code execution with the privileges\nof the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted\nsource address could trigger this flaw, possibly leading to arbitrary\ncode execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource://\nprotocol handler. Malicious content could cause Thunderbird to access\narbitrary files accessible to the user running Thunderbird.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Thunderbird to execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0475\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0475\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-3.1.10-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-3.1.10-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-3.1.10-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-3.1.10-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-3.1.10-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-3.1.10-1.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:48", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource:// protocol handler. Malicious content could cause Thunderbird to access arbitrary files accessible to the user running Thunderbird.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled 'application/http-index-format' documents. A malformed HTTP response could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110428_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61029);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead\nto arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird\nhandled out-of-memory conditions. If all memory was consumed when a\nuser viewed a malicious HTML mail message, it could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the\nHTML frameset tag. An HTML mail message with a frameset tag containing\nlarge values for the 'rows' and 'cols' attributes could trigger this\nflaw, possibly leading to arbitrary code execution with the privileges\nof the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted\nsource address could trigger this flaw, possibly leading to arbitrary\ncode execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource://\nprotocol handler. Malicious content could cause Thunderbird to access\narbitrary files accessible to the user running Thunderbird.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Thunderbird to execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=3764\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21f63c86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-3.1.10-1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:32", "description": "From Red Hat Security Advisory 2011:0475 :\n\nAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource:// protocol handler. Malicious content could cause Thunderbird to access arbitrary files accessible to the user running Thunderbird.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled 'application/http-index-format' documents. A malformed HTTP response could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : thunderbird (ELSA-2011-0475)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-0475.NASL", "href": "https://www.tenable.com/plugins/nessus/68265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0475 and \n# Oracle Linux Security Advisory ELSA-2011-0475 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68265);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"RHSA\", value:\"2011:0475\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2011-0475)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0475 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead\nto arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird\nhandled out-of-memory conditions. If all memory was consumed when a\nuser viewed a malicious HTML mail message, it could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the\nHTML frameset tag. An HTML mail message with a frameset tag containing\nlarge values for the 'rows' and 'cols' attributes could trigger this\nflaw, possibly leading to arbitrary code execution with the privileges\nof the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted\nsource address could trigger this flaw, possibly leading to arbitrary\ncode execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource://\nprotocol handler. Malicious content could cause Thunderbird to access\narbitrary files accessible to the user running Thunderbird.\n(CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled\n'application/http-index-format' documents. A malformed HTTP response\ncould cause Thunderbird to execute arbitrary code with the privileges\nof the user running Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002103.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-3.1.10-1.0.1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:35", "description": "Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_MOZILLATHUNDERBIRD-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-4458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75664);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)\");\n script_summary(english:\"Check for the MozillaThunderbird-4458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-devel-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-translations-common-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-translations-other-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"enigmail-1.1.2-9.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:04", "description": "Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_MOZILLATHUNDERBIRD-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/53775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-4458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53775);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)\");\n script_summary(english:\"Check for the MozillaThunderbird-4458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-devel-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-translations-common-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-translations-other-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"enigmail-1.1.2-9.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:45", "description": "Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0072", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:enigmail-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MOZILLATHUNDERBIRD-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-4458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75964);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)\");\n script_summary(english:\"Check for the MozillaThunderbird-4458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-buildsymbols-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debuginfo-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debugsource-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-debuginfo-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-common-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-other-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-1.1.2-9.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-debuginfo-1.1.2-9.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:32", "description": "From Red Hat Security Advisory 2011:0474 :\n\nAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : thunderbird (ELSA-2011-0474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/68264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0474 and \n# Oracle Linux Security Advisory ELSA-2011-0474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68264);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n script_xref(name:\"RHSA\", value:\"2011:0474\");\n\n script_name(english:\"Oracle Linux 4 : thunderbird (ELSA-2011-0474)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0474 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead\nto arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird\nhandled out-of-memory conditions. If all memory was consumed when a\nuser viewed a malicious HTML mail message, it could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the\nHTML frameset tag. An HTML mail message with a frameset tag containing\nlarge values for the 'rows' and 'cols' attributes could trigger this\nflaw, possibly leading to arbitrary code execution with the privileges\nof the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted\nsource address could trigger this flaw, possibly leading to arbitrary\ncode execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002109.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"thunderbird-1.5.0.12-38.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:55", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL4.x,SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110428_THUNDERBIRD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61028);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL4.x,SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead\nto arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird\nhandled out-of-memory conditions. If all memory was consumed when a\nuser viewed a malicious HTML mail message, it could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the\nHTML frameset tag. An HTML mail message with a frameset tag containing\nlarge values for the 'rows' and 'cols' attributes could trigger this\nflaw, possibly leading to arbitrary code execution with the privileges\nof the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted\nsource address could trigger this flaw, possibly leading to arbitrary\ncode execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=3607\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c33dbb3e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"thunderbird-1.5.0.12-38.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-2.0.0.24-17.el5_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:56", "description": "An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : thunderbird (RHSA-2011:0474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/53583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0474. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53583);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n script_xref(name:\"RHSA\", value:\"2011:0474\");\n\n script_name(english:\"RHEL 4 / 5 : thunderbird (RHSA-2011:0474)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead\nto arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird\nhandled out-of-memory conditions. If all memory was consumed when a\nuser viewed a malicious HTML mail message, it could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the\nHTML frameset tag. An HTML mail message with a frameset tag containing\nlarge values for the 'rows' and 'cols' attributes could trigger this\nflaw, possibly leading to arbitrary code execution with the privileges\nof the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted\nsource address could trigger this flaw, possibly leading to arbitrary\ncode execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0474\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0474\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"thunderbird-1.5.0.12-38.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-2.0.0.24-17.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-2.0.0.24-17.el5_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:00", "description": "An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-02T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : thunderbird (CESA-2011:0474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/53601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0474 and \n# CentOS Errata and Security Advisory 2011:0474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53601);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\");\n script_xref(name:\"RHSA\", value:\"2011:0474\");\n\n script_name(english:\"CentOS 4 / 5 : thunderbird (CESA-2011:0474)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nAn HTML mail message containing malicious content could possibly lead\nto arbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird\nhandled out-of-memory conditions. If all memory was consumed when a\nuser viewed a malicious HTML mail message, it could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the\nHTML frameset tag. An HTML mail message with a frameset tag containing\nlarge values for the 'rows' and 'cols' attributes could trigger this\nflaw, possibly leading to arbitrary code execution with the privileges\nof the user running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag.\nAn HTML mail message with an iframe tag containing a specially crafted\nsource address could trigger this flaw, possibly leading to arbitrary\ncode execution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017462.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb8690fc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017463.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6654033e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017464.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1948d826\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017465.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88a77e7c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"thunderbird-1.5.0.12-38.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"thunderbird-1.5.0.12-38.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-2.0.0.24-17.el5.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:54", "description": "Versions of Thunderbird 3.1.x earlier than 3.1.10 are potentially affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n\n - The 'resource:' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird 3.1.x < 3.1.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-0079"], "modified": "2011-04-29T00:00:00", "cpe": [], "id": "801271.PRM", "href": "https://www.tenable.com/plugins/lce/801271", "sourceData": "Binary data 801271.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:55", "description": "Versions of Mozilla Thunderbird 3.1.x prior to 3.1.10 are affected by the following vulnerabilities :\n\n - Multiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n - The 'resource:' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird 3.1.x < 3.1.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0072", "CVE-2011-0079"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"], "id": "5903.PRM", "href": "https://www.tenable.com/plugins/nnm/5903", "sourceData": "Binary data 5903.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-23T16:05:34", "description": "A large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 9.10 : Multiple Xulrunner 1.9.1 vulnerabilities (USN-1123-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1585", "CVE-2010-3776", "CVE-2010-3778", "CVE-2011-0051", "CVE-2011-0053", "CVE-2011-0054", "CVE-2011-0055", "CVE-2011-0056", "CVE-2011-0057", "CVE-2011-0058", "CVE-2011-0059", "CVE-2011-0062", "CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-1202"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1123-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1123-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55083);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-1585\", \"CVE-2010-3776\", \"CVE-2010-3778\", \"CVE-2011-0051\", \"CVE-2011-0053\", \"CVE-2011-0054\", \"CVE-2011-0055\", \"CVE-2011-0056\", \"CVE-2011-0057\", \"CVE-2011-0058\", \"CVE-2011-0059\", \"CVE-2011-0062\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-1202\");\n script_bugtraq_id(45344, 45347, 46643, 46645, 46647, 46648, 46650, 46652, 46660, 46661, 46663);\n script_xref(name:\"USN\", value:\"1123-1\");\n\n script_name(english:\"Ubuntu 9.10 : Multiple Xulrunner 1.9.1 vulnerabilities (USN-1123-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the Gecko\nrendering engine. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related\nto web browser security, including cross-site scripting attacks,\ndenial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1123-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner-1.9.1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1\", pkgver:\"1.9.1.19+build2+nobinonly-0ubuntu0.9.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner-1.9.1\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:43", "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1121-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55079", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55079);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1121-1\");\n\n script_name(english:\"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1121-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:54", "description": "Versions of Firefox 4.0.x earlier than 4.0.1 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n\n - Multiple vulnerabilities in the WebGL feature and WebGLES could be exploited to execute arbitrary code or bypass ASLR protection on Windows. (MFSA2011-17) - The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Firefox 4.0.x < 4.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0070", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0068"], "modified": "2011-04-29T00:00:00", "cpe": [], "id": "801264.PRM", "href": "https://www.tenable.com/plugins/lce/801264", "sourceData": "Binary data 801264.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:55", "description": "Versions of Firefox 4.0.x earlier than 4.0.1 are potentially affected by multiple vulnerabilities : \n\nMultiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)\n - Multiple vulnerabilities in the WebGL feature and WebGLES could be exploited to execute arbitrary code or bypass ASLR protection on Windows. (MFSA2011-17) - The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Mozilla Firefox 4.0.x < 4.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0070", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0068"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "5902.PRM", "href": "https://www.tenable.com/plugins/nnm/5902", "sourceData": "Binary data 5902.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:05", "description": "The installed version of Firefox 4.0 is earlier than 4.0.1. As such, it is potentially affected by the following security issues :\n\n - A buffer overflow exists in the WebGLES library.\n Additionally, the Windows version was not compiled with ASLR enabled. (CVE-2011-0068)\n\n - Multiple memory safety issues can lead to application crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0079, CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-29T00:00:00", "type": "nessus", "title": "Firefox 4.0 < 4.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0068", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_401.NASL", "href": "https://www.tenable.com/plugins/nessus/53595", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53595);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2011-0068\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0079\",\n \"CVE-2011-0081\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47661,\n 47662,\n 47663,\n 47667,\n 47668\n );\n script_xref(name:\"Secunia\", value:\"44406\");\n\n script_name(english:\"Firefox 4.0 < 4.0.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox 4.0 is earlier than 4.0.1. As such,\nit is potentially affected by the following security issues :\n\n - A buffer overflow exists in the WebGLES library.\n Additionally, the Windows version was not compiled\n with ASLR enabled. (CVE-2011-0068)\n\n - Multiple memory safety issues can lead to application\n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0079,\n CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12d3777c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 4.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'4.0.1', min:'4.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:34", "description": "Mozilla Firefox was updated to the 4.0.1 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits\n\nMozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils, Scoobidiver, and Ted Mielczarek reported memory safety issues which affected Firefox 4. (CVE-2011-0079)\n\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070)\n\nMFSA 2011-17 / CVE-2011-0068: Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; older versions are not affected by these issues.\n\nNils reported that the WebGLES libraries in the Windows version of Firefox were compiled without ASLR protection. An attacker who found an exploitable memory corruption flaw could then use these libraries to bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable on those platforms as it would be on Windows XP or other platforms.\n\nMozilla researcher Christoph Diehl reported a potentially exploitable buffer overflow in the WebGLES library\n\nYuri Ko reported a potentially exploitable overwrite in the WebGLES library to the Chrome Secuity Team. We thank them for coordinating with us on this fix.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-4457)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0068", "CVE-2011-0070", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:mozilla-js20", "p-cpe:/a:novell:opensuse:mozilla-js20-32bit", "p-cpe:/a:novell:opensuse:mozilla-js20-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js20-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debugsource", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-devel-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-other-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MOZILLAFIREFOX-110429.NASL", "href": "https://www.tenable.com/plugins/nessus/75944", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-4457.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75944);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0068\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-4457)\");\n script_summary(english:\"Check for the MozillaFirefox-4457 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 4.0.1 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael\nWu, Nils, Scoobidiver, and Ted Mielczarek reported memory safety\nissues which affected Firefox 4. (CVE-2011-0079)\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMFSA 2011-17 / CVE-2011-0068: Two crashes that could potentially be\nexploited to run malicious code were found in the WebGL feature and\nfixed in Firefox 4.0.1. In addition the WebGLES libraries could\npotentially be used to bypass a security feature of recent Windows\nversions. The WebGL feature was introduced in Firefox 4; older\nversions are not affected by these issues.\n\nNils reported that the WebGLES libraries in the Windows version of\nFirefox were compiled without ASLR protection. An attacker who found\nan exploitable memory corruption flaw could then use these libraries\nto bypass ASLR on Windows Vista and Windows 7, making the flaw as\nexploitable on those platforms as it would be on Windows XP or other\nplatforms.\n\nMozilla researcher Christoph Diehl reported a potentially exploitable\nbuffer overflow in the WebGLES library\n\nYuri Ko reported a potentially exploitable overwrite in the WebGLES\nlibrary to the Chrome Secuity Team. We thank them for coordinating\nwith us on this fix.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-branding-upstream-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debuginfo-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debugsource-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-devel-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-common-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-other-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js20-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js20-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-buildsymbols-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-debugsource-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-devel-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-devel-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-gnome-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-gnome-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-translations-common-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-translations-other-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js20-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js20-debuginfo-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-debuginfo-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-gnome-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-gnome-debuginfo-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-translations-common-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-translations-other-32bit-2.0.1-0.2.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:13:29", "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)\n", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0071", "CVE-2011-0078", "CVE-2011-0081", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0067", "CVE-2011-0065", "CVE-2011-0080", "CVE-2011-0070", "CVE-2011-0073", "CVE-2011-1202", "CVE-2011-0072", "CVE-2011-0077", "CVE-2011-0069", "CVE-2011-0066"], "modified": "2011-05-05T00:00:00", "id": "USN-1122-1", "href": "https://ubuntu.com/security/notices/USN-1122-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:12:49", "description": "USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A \nregression was introduced which caused Thunderbird to display an empty menu \nbar. This update fixes the problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)\n", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "ubuntu", "title": "Thunderbird regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0071", "CVE-2011-0078", "CVE-2011-0081", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0067", "CVE-2011-0065", "CVE-2011-0080", "CVE-2011-0070", "CVE-2011-0073", "CVE-2011-1202", "CVE-2011-0072", "CVE-2011-0077", "CVE-2011-0069", "CVE-2011-0066"], "modified": "2011-06-06T00:00:00", "id": "USN-1122-3", "href": "https://ubuntu.com/security/notices/USN-1122-3", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:13:30", "description": "USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. \nThis update provides the corresponding fixes for Natty.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript \nrequests. If JavaScript were enabled, an attacker could exploit this to \npossibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nThunderbird's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Thunderbird. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker sending a specially crafted E-Mail \ncould exploit this to possibly run arbitrary code as the user running \nThunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If \nplugins were enabled, an attacker could use this to mimic interaction with \nform autocomplete controls and steal entries from the form history. \n(CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)\n", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0071", "CVE-2011-0078", "CVE-2011-0081", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0067", "CVE-2011-0065", "CVE-2011-0080", "CVE-2011-0070", "CVE-2011-0073", "CVE-2011-1202", "CVE-2011-0072", "CVE-2011-0077", "CVE-2011-0069", "CVE-2011-0066"], "modified": "2011-05-05T00:00:00", "id": "USN-1122-2", "href": "https://ubuntu.com/security/notices/USN-1122-2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:13:39", "description": "It was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript \nrequests. An attacker could exploit this to possibly run arbitrary code as \nthe user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman \ndiscovered several memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. \nAn attacker could exploit these to possibly run arbitrary code as the user \nrunning Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could \nexploit these to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of \ncertain DOM elements. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in \nFirefox's mChannel and mObserverList objects. An attacker could exploit \nthese to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the \nnsTreeSelection element. An attacker serving malicious content could \nexploit this to possibly run arbitrary code as the user running Firefox. \n(CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. An \nattacker could use this to mimic interaction with form autocomplete \ncontrols and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This \ncould potentially allow an attacker to load arbitrary files that were \naccessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)\n", "cvss3": {}, "published": "2011-04-29T00:00:00", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0071", "CVE-2011-0078", "CVE-2011-0081", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0067", "CVE-2011-0065", "CVE-2011-0080", "CVE-2011-0070", "CVE-2011-0073", "CVE-2011-1202", "CVE-2011-0072", "CVE-2011-0077", "CVE-2011-0069", "CVE-2011-0066"], "modified": "2011-04-29T00:00:00", "id": "USN-1112-1", "href": "https://ubuntu.com/security/notices/USN-1112-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:13:37", "description": "A large number of security issues were discovered in the Gecko rendering \nengine. If a user were tricked into viewing a malicious website, a remote \nattacker could exploit a variety of issues related to web browser security, \nincluding cross-site scripting attacks, denial of service attacks, and \narbitrary code execution.\n", "cvss3": {}, "published": "2011-04-30T00:00:00", "type": "ubuntu", "title": "Xulrunner vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3776", "CVE-2011-0078", "CVE-2010-1585", "CVE-2011-0059", "CVE-2011-0065", "CVE-2011-0080", "CVE-2011-0077", "CVE-2011-0054", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0051", "CVE-2011-0062", "CVE-2011-0053", "CVE-2011-0073", "CVE-2011-0055", "CVE-2011-1202", "CVE-2011-0066", "CVE-2011-0058", "CVE-2011-0075", "CVE-2011-0072", "CVE-2011-0071", "CVE-2011-0057", "CVE-2011-0056", "CVE-2011-0074", "CVE-2011-0067", "CVE-2010-3778"], "modified": "2011-04-30T00:00:00", "id": "USN-1123-1", "href": "https://ubuntu.com/security/notices/USN-1123-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:13:38", "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek \ndiscovered multiple memory vulnerabilities. An attacker could exploit these \nto possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of \ncertain types of content. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript \nrequests. An attacker could exploit this to possibly run arbitrary code as \nthe user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain \ntypes of documents. An attacker could exploit this to possibly run \narbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() \nfunction. An attacker could possibly use this vulnerability to make other \nattacks more reliable. (CVE-2011-1202)\n", "cvss3": {}, "published": "2011-04-30T00:00:00", "type": "ubuntu", "title": "Firefox vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0081", "CVE-2011-0079", "CVE-2011-1202", "CVE-2011-0069", "CVE-2011-0070"], "modified": "2011-04-30T00:00:00", "id": "USN-1121-1", "href": "https://ubuntu.com/security/notices/USN-1121-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:57:18", "description": "**CentOS Errata and Security Advisory** CESA-2011:0471\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054379.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054380.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054389.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054390.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:0471", "cvss3": {}, "published": "2011-04-29T15:48:25", "type": "centos", "title": "firefox, xulrunner security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202"], "modified": "2011-04-29T21:10:44", "id": "CESA-2011:0471", "href": "https://lists.centos.org/pipermail/centos-announce/2011-April/054379.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:57:20", "description": "**CentOS Errata and Security Advisory** CESA-2011:0473\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running SeaMonkey.\n(CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way SeaMonkey handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running SeaMonkey. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way SeaMonkey handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nSeaMonkey. (CVE-2011-0077)\n\nA flaw was found in the way SeaMonkey handled the HTML iframe tag. A web\npage with an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running SeaMonkey. (CVE-2011-0075)\n\nA flaw was found in the way SeaMonkey displayed multiple marquee elements.\nA malformed HTML document could cause SeaMonkey to execute arbitrary code\nwith the privileges of the user running SeaMonkey. (CVE-2011-0074)\n\nA flaw was found in the way SeaMonkey handled the nsTreeSelection element.\nMalformed content could cause SeaMonkey to execute arbitrary code with the\nprivileges of the user running SeaMonkey. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way SeaMonkey appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause SeaMonkey to execute arbitrary code with\nthe privileges of the user running SeaMonkey. (CVE-2011-0072)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054387.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054388.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:0473", "cvss3": {}, "published": "2011-04-29T20:53:41", "type": "centos", "title": "seamonkey security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2011-04-29T20:53:41", "id": "CESA-2011:0473", "href": "https://lists.centos.org/pipermail/centos-announce/2011-April/054387.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:57:19", "description": "**CentOS Errata and Security Advisory** CESA-2011:0474\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content. An\nHTML mail message containing malicious content could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled\nout-of-memory conditions. If all memory was consumed when a user viewed a\nmalicious HTML mail message, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML\nframeset tag. An HTML mail message with a frameset tag containing large\nvalues for the \"rows\" and \"cols\" attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of the\nuser running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag. An\nHTML mail message with an iframe tag containing a specially-crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2011-0073)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054381.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054382.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054383.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-April/054384.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:0474", "cvss3": {}, "published": "2011-04-29T15:49:06", "type": "centos", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080"], "modified": "2011-04-29T20:51:36", "id": "CESA-2011:0474", "href": "https://lists.centos.org/pipermail/centos-announce/2011-April/054381.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017461.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881346\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:30:49 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\",\n \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\",\n \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\",\n \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0471\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n\n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n\n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n\n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n\n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n\n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n\n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n\n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n\n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n\n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:54", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1112-1", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-1112-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1112_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for firefox USN-1112-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1112-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840640\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1112-1\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for firefox USN-1112-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|9\\.10|10\\.10|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1112-1\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0081)\n\n It was discovered that Firefox incorrectly handled certain JavaScript\n requests. An attacker could exploit this to possibly run arbitrary code as\n the user running Firefox. (CVE-2011-0069)\n\n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0070)\n\n Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman\n discovered several memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\n Aki Helin discovered multiple vulnerabilities in the HTML rendering code.\n An attacker could exploit these to possibly run arbitrary code as the user\n running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\n Ian Beer discovered multiple overflow vulnerabilities. An attacker could\n exploit these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0077, CVE-2011-0078)\n\n Martin Barbella discovered a memory vulnerability in the handling of\n certain DOM elements. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0072)\n\n It was discovered that there were use-after-free vulnerabilities in\n Firefox's mChannel and mObserverList objects. An attacker could exploit\n these to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0065, CVE-2011-0066)\n\n It was discovered that there was a vulnerability in the handling of the\n nsTreeSelection element. An attacker serving malicious content could\n exploit this to possibly run arbitrary code as the user running Firefox.\n (CVE-2011-0073)\n\n Paul Stone discovered a vulnerability in the handling of Java applets. An\n attacker could use this to mimic interaction with form autocomplete\n controls and steal entries from the form history. (CVE-2011-0067)\n\n Soroush Dalili discovered a vulnerability in the resource: protocol. This\n could potentially allow an attacker to load arbitrary files that were\n accessible to the user running Firefox. (CVE-2011-0071)\n\n Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()\n function. An attacker could possibly use this vulnerability to make other\n attacks more reliable. (CVE-2011-1202)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.6.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-1.9.2\", ver:\"1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880561", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880561\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0471\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\",\n \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\",\n \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 4\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n\n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n\n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n\n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n\n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n\n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n\n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n\n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n\n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n\n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~2.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2011:0471 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2011:0471 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017460.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880513\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0471\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\",\n \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\",\n \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\",\n \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"CentOS Update for firefox CESA-2011:0471 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could possibly lead to arbitrary code\n execution with the privileges of the user running Firefox. (CVE-2011-0080,\n CVE-2011-0081)\n\n An arbitrary memory write flaw was found in the way Firefox handled\n out-of-memory conditions. If all memory was consumed when a user visited a\n malicious web page, it could possibly lead to arbitrary code execution\n with the privileges of the user running Firefox. (CVE-2011-0078)\n\n An integer overflow flaw was found in the way Firefox handled the HTML\n frameset tag. A web page with a frameset tag containing large values for\n the 'rows' and 'cols' attributes could trigger this flaw, possibly leading\n to arbitrary code execution with the privileges of the user running\n Firefox. (CVE-2011-0077)\n\n A flaw was found in the way Firefox handled the HTML iframe tag. A web page\n with an iframe tag containing a specially-crafted source address could\n trigger this flaw, possibly leading to arbitrary code execution with the\n privileges of the user running Firefox. (CVE-2011-0075)\n\n A flaw was found in the way Firefox displayed multiple marquee elements. A\n malformed HTML document could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0074)\n\n A flaw was found in the way Firefox handled the nsTreeSelection element.\n Malformed content could cause Firefox to execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2011-0073)\n\n A use-after-free flaw was found in the way Firefox appended frame and\n iframe elements to a DOM tree when the NoScript add-on was enabled.\n Malicious HTML content could cause Firefox to execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2011-0072)\n\n A directory traversal flaw was found in the Firefox resource:// protocol\n handler. Malicious content could cause Firefox to access arbitrary files\n accessible to the user running Firefox. (CVE-2011-0071)\n\n A double free flaw was found in the way Firefox handled\n 'application/http-index-format' documents. A malformed HTTP response could\n cause Firefox to execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-0070)\n\n A flaw was found in the way Firefox handled certain JavaScript cross-domain\n requests. If malicious content generated a large number of cross-domain\n JavaScript reque ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.17~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.17~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.2.17~3.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:25", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1122-2", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1122-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0077", "CVE-2011-1202", "CVE-2011-0071", "CVE-2011-0080", "CVE-2011-0073", "CVE-2011-0066", "CVE-2011-0065", "CVE-2011-0081", "CVE-2011-0075", "CVE-2011-0074", "CVE-2011-0069", "CVE-2011-0078", "CVE-2011-0070", "CVE-2011-0067", "CVE-2011-0072"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1122_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-1122-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1122-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840650\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1122-2\");\n script_cve_id(\"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0071\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for thunderbird USN-1122-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1122-2\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick.\n This update provides the corresponding fixes for Natty.\n\n Original advisory details:\n\n It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\n It was discovered that Thunderbird incorrectly handled certain JavaScript\n requests. If JavaScript were enabled, an attacker could exploit this to\n possibl
SeaMonkey < 2.0.14 Multiple Vulnerabilities
