{"id": "SL_20101209_FIREFOX_ON_SL4_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "published": "2012-08-01T00:00:00", "modified": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/60916", "reporter": "This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?fc99153d"], "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "type": "nessus", "lastseen": "2021-01-17T13:45:19", "edition": 24, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2010:0966"]}, {"type": "centos", "idList": ["CESA-2010:0966"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310862722", "OPENVAS:1361412562310862730", "OPENVAS:862728", "OPENVAS:862719", "OPENVAS:1361412562310862725", "OPENVAS:862734", "OPENVAS:1361412562310870367", "OPENVAS:1361412562310862723", "OPENVAS:881398", "OPENVAS:862724"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1019-1.NASL", "MANDRIVA_MDVSA-2010-251.NASL", "FEDORA_2010-18773.NASL", "ORACLELINUX_ELSA-2010-0966.NASL", "SUSE_11_1_MOZILLATHUNDERBIRD-101213.NASL", "REDHAT-RHSA-2010-0966.NASL", "CENTOS_RHSA-2010-0966.NASL", "MOZILLA_FIREFOX_3613.NASL", "SUSE_11_MOZILLAFIREFOX-101213.NASL", "FEDORA_2010-18775.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0966"]}, {"type": "fedora", "idList": ["FEDORA:045E511068E", "FEDORA:6B423110D43", "FEDORA:F18AD10F97D", "FEDORA:73DC6110D47", "FEDORA:86D4E110D54", "FEDORA:7B8BA110D4F", "FEDORA:E6B7D10F8AC", "FEDORA:0092510F9EE", "FEDORA:ED13910F927", "FEDORA:0EDD011073F"]}, {"type": "ubuntu", "idList": ["USN-1019-1"]}, {"type": "suse", "idList": ["SUSE-SA:2011:003"]}, {"type": "freebsd", "idList": ["1D8FF4A2-0445-11E0-8E32-000F20797EDE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11286"]}, {"type": "debian", "idList": ["DEBIAN:BSA-013:BDF29"]}], "modified": "2021-01-17T13:45:19", "rev": 2}, "score": {"value": 8.4, "vector": "NONE", "modified": "2021-01-17T13:45:19", "rev": 2}, "vulnersScore": 8.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60916);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0179\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1012&L=scientific-linux-errata&T=0&P=926\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc99153d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.6.13-3.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.6.13-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.2.13-3.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.2.13-3.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "60916", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "scheme": null}

{"redhat": [{"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0179", "CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,\nCVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A website\nwith an object containing malicious JavaScript could cause Firefox to\nexecute that JavaScript with the privileges of the user running Firefox.\n(CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library to\nFirefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use. (CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way that\nwould result in the plug-in object having elevated privileges, allowing it\nto execute Java code with the privileges of the user running Firefox.\n(CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the Firebug\nadd-on was used. If a user visited a website containing malicious\nJavaScript while the Firebug add-on was enabled, it could cause Firefox to\nexecute arbitrary JavaScript with the privileges of the user running\nFirefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to users. A\nmalicious website could trick a user into thinking they are visiting the\nsite reported by the location bar, when the page is actually content\ncontrolled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic,\nx-mac-farsi, and x-mac-hebrew character encodings. Certain characters were\nconverted to angle brackets when displayed. If server-side script filtering\nmissed these cases, it could result in Firefox executing JavaScript code\nwith the permissions of a different website. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.13. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.13, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:12", "published": "2010-12-09T05:00:00", "id": "RHSA-2010:0966", "href": "https://access.redhat.com/errata/RHSA-2010:0966", "type": "redhat", "title": "(RHSA-2010:0966) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:32", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0966\n\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,\nCVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A website\nwith an object containing malicious JavaScript could cause Firefox to\nexecute that JavaScript with the privileges of the user running Firefox.\n(CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library to\nFirefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use. (CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way that\nwould result in the plug-in object having elevated privileges, allowing it\nto execute Java code with the privileges of the user running Firefox.\n(CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the Firebug\nadd-on was used. If a user visited a website containing malicious\nJavaScript while the Firebug add-on was enabled, it could cause Firefox to\nexecute arbitrary JavaScript with the privileges of the user running\nFirefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to users. A\nmalicious website could trick a user into thinking they are visiting the\nsite reported by the location bar, when the page is actually content\ncontrolled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic,\nx-mac-farsi, and x-mac-hebrew character encodings. Certain characters were\nconverted to angle brackets when displayed. If server-side script filtering\nmissed these cases, it could result in Firefox executing JavaScript code\nwith the permissions of a different website. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.13. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.13, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-January/029265.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-January/029266.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0966.html", "edition": 3, "modified": "2011-01-27T08:54:21", "published": "2011-01-27T08:53:21", "href": "http://lists.centos.org/pipermail/centos-announce/2011-January/029265.html", "id": "CESA-2010:0966", "title": "firefox security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:08:28", "description": "Update to new upstream Firefox version 3.6.13, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f\nirefox3.6.13\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-12-12T00:00:00", "title": "Fedora 14 : firefox-3.6.13-1.fc14 / galeon-2.0.7-36.fc14.1 / gnome-python2-extras-2.25.3-26.fc14.1 / etc (2010-18773)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2010-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-18773.NASL", "href": "https://www.tenable.com/plugins/nessus/51130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-18773.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51130);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0179\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_xref(name:\"FEDORA\", value:\"2010-18773\");\n\n script_name(english:\"Fedora 14 : firefox-3.6.13-1.fc14 / galeon-2.0.7-36.fc14.1 / gnome-python2-extras-2.25.3-26.fc14.1 / etc (2010-18773)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.6.13, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f\nirefox3.6.13\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c81664e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660439\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052029.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c525a34\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052030.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0355bd09\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052031.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78d33b3f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ac95e28\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052033.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2324f8b5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052034.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66cc8e92\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbb73d46\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"firefox-3.6.13-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"galeon-2.0.7-36.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-python2-extras-2.25.3-26.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-web-photo-0.9-16.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"mozvoikko-1.0-17.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc14.22\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"xulrunner-1.9.2.13-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:37", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.13. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.13, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2010-12-10T00:00:00", "title": "RHEL 4 / 5 / 6 : firefox (RHSA-2010:0966)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2010-12-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0966.NASL", "href": "https://www.tenable.com/plugins/nessus/51107", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0966. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51107);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_bugtraq_id(45314, 45322, 45324, 45326, 45352, 45354);\n script_xref(name:\"RHSA\", value:\"2010:0966\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : firefox (RHSA-2010:0966)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.13. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.13, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3777\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n # http://code.google.com/p/ots/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/khaledhosny/ots\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0966\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0966\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.13-3.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.6.13-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.13-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.13-3.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-3.6.13-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-3.6.13-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-3.6.13-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-debuginfo-3.6.13-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-debuginfo-3.6.13-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-debuginfo-3.6.13-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.13-3.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.13-3.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.13-3.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:48", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.13. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.13, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 26, "published": "2011-01-28T00:00:00", "title": "CentOS 4 : firefox (CESA-2010:0966)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2011-01-28T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS_RHSA-2010-0966.NASL", "href": "https://www.tenable.com/plugins/nessus/51777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0966 and \n# CentOS Errata and Security Advisory 2010:0966 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51777);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_bugtraq_id(45314, 45322, 45324, 45326, 45352, 45354);\n script_xref(name:\"RHSA\", value:\"2010:0966\");\n\n script_name(english:\"CentOS 4 : firefox (CESA-2010:0966)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.13. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.13, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-January/017227.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?975b288e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-January/017228.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1af65ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.13-3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.13-3.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:28", "description": "Update to new upstream Firefox version 3.6.13, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f\nirefox3.6.13\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-12-12T00:00:00", "title": "Fedora 13 : firefox-3.6.13-1.fc13 / galeon-2.0.7-36.fc13 / gnome-python2-extras-2.25.3-25.fc13 / etc (2010-18775)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2010-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-18775.NASL", "href": "https://www.tenable.com/plugins/nessus/51131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-18775.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51131);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0179\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_xref(name:\"FEDORA\", value:\"2010-18775\");\n\n script_name(english:\"Fedora 13 : firefox-3.6.13-1.fc13 / galeon-2.0.7-36.fc13 / gnome-python2-extras-2.25.3-25.fc13 / etc (2010-18775)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.6.13, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f\nirefox3.6.13\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c81664e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=660439\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052019.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e29b859\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42e7275c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a918a1e7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?191cabf8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052023.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e808f0c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?060ea4c5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?488935df\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"firefox-3.6.13-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"galeon-2.0.7-36.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gnome-python2-extras-2.25.3-25.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gnome-web-photo-0.9-15.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mozvoikko-1.0-17.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc13.20\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"xulrunner-1.9.2.13-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:31", "description": "From Red Hat Security Advisory 2010:0966 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.13. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.13, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 / 6 : firefox (ELSA-2010-0966)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2010-0966.NASL", "href": "https://www.tenable.com/plugins/nessus/68156", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0966 and \n# Oracle Linux Security Advisory ELSA-2010-0966 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68156);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_bugtraq_id(45314, 45322, 45324, 45326, 45352, 45354);\n script_xref(name:\"RHSA\", value:\"2010:0966\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : firefox (ELSA-2010-0966)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0966 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772,\nCVE-2010-3776, CVE-2010-3777)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A\nwebsite with an object containing malicious JavaScript could cause\nFirefox to execute that JavaScript with the privileges of the user\nrunning Firefox. (CVE-2010-3771)\n\nThis update adds support for the Sanitiser for OpenType (OTS) library\nto Firefox. This library helps prevent potential exploits in malformed\nOpenType fonts by verifying the font file prior to use.\n(CVE-2010-3768)\n\nA flaw was found in the way Firefox loaded Java LiveConnect scripts.\nMalicious web content could load a Java LiveConnect script in a way\nthat would result in the plug-in object having elevated privileges,\nallowing it to execute Java code with the privileges of the user\nrunning Firefox. (CVE-2010-3775)\n\nIt was found that the fix for CVE-2010-0179 was incomplete when the\nFirebug add-on was used. If a user visited a website containing\nmalicious JavaScript while the Firebug add-on was enabled, it could\ncause Firefox to execute arbitrary JavaScript with the privileges of\nthe user running Firefox. (CVE-2010-3773)\n\nA flaw was found in the way Firefox presented the location bar to\nusers. A malicious website could trick a user into thinking they are\nvisiting the site reported by the location bar, when the page is\nactually content controlled by an attacker. (CVE-2010-3774)\n\nA cross-site scripting (XSS) flaw was found in the Firefox\nx-mac-arabic, x-mac-farsi, and x-mac-hebrew character encodings.\nCertain characters were converted to angle brackets when displayed. If\nserver-side script filtering missed these cases, it could result in\nFirefox executing JavaScript code with the permissions of a different\nwebsite. (CVE-2010-3770)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.13. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.13, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-December/001763.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-December/001765.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001850.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.13-3.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.6.13-2.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.13-3.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.13-3.0.1.el5\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-3.6.13-2.0.1.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-1.9.2.13-3.0.1.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-1.9.2.13-3.0.1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:49:26", "description": "The installed version of Firefox 3.6 is earlier than 3.6.13. Such\nversions are potentially affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues could lead to\n arbitrary code execution. (MFSA 2010-74)\n \n - On the Windows platform, when 'document.write()' is \n called with a very long string, a buffer overflow could\n be triggered. (MFSA 2010-75)\n\n - A privilege escalation vulnerability exists with\n 'window.open' and the '<isindex>' element. \n (MFSA 2010-76)\n\n - Arbitrary code execution is possible when using HTML\n tags inside a XUL tree. (MFSA 2010-77)\n\n - Downloadable fonts could expose vulnerabilities in the\n underlying OS font code. (MFSA 2010-78)\n\n - A Java security bypass vulnerability exists when \n LiveConnect is loaded via a 'data:' URL meta refresh. \n (MFSA 2010-79)\n\n - A use-after-free error exists with nsDOMAttribute\n MutationObserver. (MFSA 2010-80)\n\n - An integer overflow exists in NewIdArray. (MFSA 2010-81)\n\n - It is possible to circumvent the fix for CVE-2010-0179.\n (MFSA 2010-82)\n \n - It is possible to spoof SSL in the location bar using\n the network error page. (MFSA 2010-83)\n\n - A cross-site scripting hazard exists in multiple\n character encodings. (MFSA 2010-84)", "edition": 25, "published": "2010-12-10T00:00:00", "title": "Firefox 3.6 < 3.6.13 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_3613.NASL", "href": "https://www.tenable.com/plugins/nessus/51121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51121);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3769\", \n \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \n \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_bugtraq_id(\n 45314,\n 45324,\n 45326,\n 45345,\n 45346,\n 45347,\n 45348,\n 45351,\n 45352,\n 45353,\n 45354,\n 45355\n );\n script_xref(name:\"Secunia\", value:\"42517\");\n\n script_name(english:\"Firefox 3.6 < 3.6.13 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox 3.6 is earlier than 3.6.13. Such\nversions are potentially affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues could lead to\n arbitrary code execution. (MFSA 2010-74)\n \n - On the Windows platform, when 'document.write()' is \n called with a very long string, a buffer overflow could\n be triggered. (MFSA 2010-75)\n\n - A privilege escalation vulnerability exists with\n 'window.open' and the '<isindex>' element. \n (MFSA 2010-76)\n\n - Arbitrary code execution is possible when using HTML\n tags inside a XUL tree. (MFSA 2010-77)\n\n - Downloadable fonts could expose vulnerabilities in the\n underlying OS font code. (MFSA 2010-78)\n\n - A Java security bypass vulnerability exists when \n LiveConnect is loaded via a 'data:' URL meta refresh. \n (MFSA 2010-79)\n\n - A use-after-free error exists with nsDOMAttribute\n MutationObserver. (MFSA 2010-80)\n\n - An integer overflow exists in NewIdArray. (MFSA 2010-81)\n\n - It is possible to circumvent the fix for CVE-2010-0179.\n (MFSA 2010-82)\n \n - It is possible to spoof SSL in the location bar using\n the network error page. (MFSA 2010-83)\n\n - A cross-site scripting hazard exists in multiple\n character encodings. (MFSA 2010-84)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de9e67fa\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-75/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-80/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-81/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-83/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-84/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c81664e\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 3.6.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.13', min:'3.6', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:00", "description": "Security issues were identified and fixed in firefox :\n\nSecurity researchers Yosuke Hasegawa and Masatoshi Kimura reported\nthat the x-mac-arabic, x-mac-farsi and x-mac-hebrew character\nencodings are vulnerable to XSS attacks due to some characters being\nconverted to angle brackets when displayed by the rendering engine.\nSites using these character encodings would thus be potentially\nvulnerable to script injection attacks if their script filtering code\nfails to strip out these specific characters (CVE-2010-3770).\n\nGoogle security researcher Michal Zalewski reported that when a window\nwas opened to a site resulting in a network or certificate error page,\nthe opening site could access the document inside the opened window\nand inject arbitrary content. An attacker could use this bug to spoof\nthe location bar and trick a user into thinking they were on a\ndifferent site than they actually were (CVE-2010-3774).\n\nMozilla security researcher moz_bug_r_a4 reported that the fix for\nCVE-2010-0179 could be circumvented permitting the execution of\narbitrary JavaScript with chrome privileges (CVE-2010-3773).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that JavaScript arrays were vulnerable to an integer\noverflow vulnerability. The report demonstrated that an array could be\nconstructed containing a very large number of items such that when\nmemory was allocated to store the array items, the integer value used\nto calculate the buffer size would overflow resulting in too small a\nbuffer being allocated. Subsequent use of the array object could then\nresult in data being written past the end of the buffer and causing\nmemory corruption (CVE-2010-3767).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a nsDOMAttribute node can be modified without\ninforming the iterator object responsible for various DOM traversals.\nThis flaw could lead to a inconsistent state where the iterator points\nto an object it believes is part of the DOM but actually points to\nsome other object. If such an object had been deleted and its memory\nreclaimed by the system, then the iterator could be used to call into\nattacker-controlled memory (CVE-2010-3766).\n\nSecurity researcher Gregory Fleischer reported that when a Java\nLiveConnect script was loaded via a data: URL which redirects via a\nmeta refresh, then the resulting plugin object was created with the\nwrong security principal and thus received elevated privileges such as\nthe abilities to read local files, launch processes, and create\nnetwork connections (CVE-2010-3775).\n\nMozilla added the OTS font sanitizing library to prevent downloadable\nfonts from exposing vulnerabilities in the underlying OS font code.\nThis library mitigates against several issues independently reported\nby Red Hat Security Response Team member Marc Schoenefeld and Mozilla\nsecurity researcher Christoph Diehl (CVE-2010-3768).\n\nSecurity researcher wushi of team509 reported that when a XUL tree had\nan HTML \\<div\\> element nested inside a \\<treechildren\\> element then\ncode attempting to display content in the XUL tree would incorrectly\ntreat the \\<div\\> element as a parent node to tree content underneath\nit resulting in incorrect indexes being calculated for the child\ncontent. These incorrect indexes were used in subsequent array\noperations which resulted in writing data past the end of an allocated\nbuffer. An attacker could use this issue to crash a victim's browser\nand run arbitrary code on their machine (CVE-2010-3772).\n\nSecurity researcher echo reported that a web page could open a window\nwith an about:blank location and then inject an \\<isindex\\> element\ninto that page which upon submission would redirect to a chrome:\ndocument. The effect of this defect was that the original page would\nwind up with a reference to a chrome-privileged object, the opened\nwindow, which could be leveraged for privilege escalation attacks\n(CVE-2010-3771).\n\nDirk Heinrich reported that on Windows platforms when document.write()\nwas called with a very long string a buffer overflow was caused in\nline breaking routines attempting to process the string for display.\nSuch cases triggered an invalid read past the end of an array causing\na crash which an attacker could potentially use to run arbitrary code\non a victim's computer (CVE-2010-3769).\n\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2010-3776,\nCVE-2010-3777).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4\n90\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate :\n\nA mistake was done with the MDVSA-2010:251 and the MDVSA-2010:251-1\nadvisories where the localization files for firefox software was NOT\nupdated to the 3.6.13 version. The secteam wishes to apologise for the\nunfortunate mistake and also wishes everyone a great christmas.\n\nRegards // Santa Claus", "edition": 26, "published": "2010-12-10T00:00:00", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2010:251-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2010-12-10T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:firefox-oc", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-el", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:firefox-ku", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:firefox-bn", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-ka", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:firefox-te", "p-cpe:/a:mandriva:linux:firefox-eo", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:firefox-mk", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-sr", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:firefox-he"], "id": "MANDRIVA_MDVSA-2010-251.NASL", "href": "https://www.tenable.com/plugins/nessus/51106", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:251. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51106);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0179\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3769\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_bugtraq_id(45314, 45322, 45324, 45326, 45345, 45346, 45347, 45348, 45351, 45352, 45353, 45354, 45355);\n script_xref(name:\"MDVSA\", value:\"2010:251-2\");\n\n script_name(english:\"Mandriva Linux Security Advisory : firefox (MDVSA-2010:251-2)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in firefox :\n\nSecurity researchers Yosuke Hasegawa and Masatoshi Kimura reported\nthat the x-mac-arabic, x-mac-farsi and x-mac-hebrew character\nencodings are vulnerable to XSS attacks due to some characters being\nconverted to angle brackets when displayed by the rendering engine.\nSites using these character encodings would thus be potentially\nvulnerable to script injection attacks if their script filtering code\nfails to strip out these specific characters (CVE-2010-3770).\n\nGoogle security researcher Michal Zalewski reported that when a window\nwas opened to a site resulting in a network or certificate error page,\nthe opening site could access the document inside the opened window\nand inject arbitrary content. An attacker could use this bug to spoof\nthe location bar and trick a user into thinking they were on a\ndifferent site than they actually were (CVE-2010-3774).\n\nMozilla security researcher moz_bug_r_a4 reported that the fix for\nCVE-2010-0179 could be circumvented permitting the execution of\narbitrary JavaScript with chrome privileges (CVE-2010-3773).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that JavaScript arrays were vulnerable to an integer\noverflow vulnerability. The report demonstrated that an array could be\nconstructed containing a very large number of items such that when\nmemory was allocated to store the array items, the integer value used\nto calculate the buffer size would overflow resulting in too small a\nbuffer being allocated. Subsequent use of the array object could then\nresult in data being written past the end of the buffer and causing\nmemory corruption (CVE-2010-3767).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a nsDOMAttribute node can be modified without\ninforming the iterator object responsible for various DOM traversals.\nThis flaw could lead to a inconsistent state where the iterator points\nto an object it believes is part of the DOM but actually points to\nsome other object. If such an object had been deleted and its memory\nreclaimed by the system, then the iterator could be used to call into\nattacker-controlled memory (CVE-2010-3766).\n\nSecurity researcher Gregory Fleischer reported that when a Java\nLiveConnect script was loaded via a data: URL which redirects via a\nmeta refresh, then the resulting plugin object was created with the\nwrong security principal and thus received elevated privileges such as\nthe abilities to read local files, launch processes, and create\nnetwork connections (CVE-2010-3775).\n\nMozilla added the OTS font sanitizing library to prevent downloadable\nfonts from exposing vulnerabilities in the underlying OS font code.\nThis library mitigates against several issues independently reported\nby Red Hat Security Response Team member Marc Schoenefeld and Mozilla\nsecurity researcher Christoph Diehl (CVE-2010-3768).\n\nSecurity researcher wushi of team509 reported that when a XUL tree had\nan HTML \\<div\\> element nested inside a \\<treechildren\\> element then\ncode attempting to display content in the XUL tree would incorrectly\ntreat the \\<div\\> element as a parent node to tree content underneath\nit resulting in incorrect indexes being calculated for the child\ncontent. These incorrect indexes were used in subsequent array\noperations which resulted in writing data past the end of an allocated\nbuffer. An attacker could use this issue to crash a victim's browser\nand run arbitrary code on their machine (CVE-2010-3772).\n\nSecurity researcher echo reported that a web page could open a window\nwith an about:blank location and then inject an \\<isindex\\> element\ninto that page which upon submission would redirect to a chrome:\ndocument. The effect of this defect was that the original page would\nwind up with a reference to a chrome-privileged object, the opened\nwindow, which could be leveraged for privilege escalation attacks\n(CVE-2010-3771).\n\nDirk Heinrich reported that on Windows platforms when document.write()\nwas called with a very long string a buffer overflow was caused in\nline breaking routines attempting to process the string for display.\nSuch cases triggered an invalid read past the end of an array causing\na crash which an attacker could potentially use to run arbitrary code\non a victim's computer (CVE-2010-3769).\n\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2010-3776,\nCVE-2010-3777).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4\n90\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate :\n\nA mistake was done with the MDVSA-2010:251 and the MDVSA-2010:251-1\nadvisories where the localization files for firefox software was NOT\nupdated to the 3.6.13 version. The secteam wishes to apologise for the\nunfortunate mistake and also wishes everyone a great christmas.\n\nRegards // Santa Claus\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c81664e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-af-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ar-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-be-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-bg-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-bn-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ca-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-cs-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-cy-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-da-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-de-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-el-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-en_GB-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-eo-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-es_AR-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-es_ES-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-et-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-eu-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fi-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fr-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-fy-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ga_IE-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-gl-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-gu_IN-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-he-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-hi-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-hu-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-id-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-is-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-it-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ja-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ka-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-kn-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ko-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ku-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-lt-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-lv-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-mk-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-mr-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nb_NO-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nl-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-nn_NO-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-oc-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pa_IN-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pl-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pt_BR-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-pt_PT-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ro-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ru-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-si-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sk-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sl-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sq-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sr-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-sv_SE-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-te-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-th-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-tr-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-uk-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-zh_CN-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-zh_TW-3.6.13-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:07", "description": "Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov\ndiscovered several memory issues in the browser engine. An attacker\ncould exploit these to crash the browser or possibly run arbitrary\ncode as the user invoking the program. (CVE-2010-3776, CVE-2010-3777,\nCVE-2010-3778)\n\nIt was discovered that Firefox did not properly verify the about:blank\nlocation elements when it was opened via window.open(). An attacker\ncould exploit this to run arbitrary code with chrome privileges.\n(CVE-2010-3771)\n\nIt was discovered that Firefox did not properly handle &lt;div&gt;\nelements when processing a XUL tree. If a user were tricked into\nopening a malicious web page, an attacker could exploit this to crash\nthe browser or possibly run arbitrary code as the user invoking the\nprogram. (CVE-2010-3772)\n\nMarc Schoenefeld and Christoph Diehl discovered several problems when\nhandling downloadable fonts. The new OTS font sanitizing library was\nadded to mitigate these issues. (CVE-2010-3768)\n\nGregory Fleischer discovered that the Java LiveConnect script could be\nmade to run in the wrong security context. An attacker could exploit\nthis to read local files and run arbitrary code as the user invoking\nthe program. (CVE-2010-3775)\n\nSeveral problems were discovered in the JavaScript engine. If a user\nwere tricked into opening a malicious web page, an attacker could\nexploit this to crash the browser or possibly run arbitrary code as\nthe user invoking the program. (CVE-2010-3766, CVE-2010-3767,\nCVE-2010-3773)\n\nMichal Zalewski discovered that Firefox did not always properly handle\ndisplaying pages from network or certificate errors. An attacker could\nexploit this to spoof the location bar, such as in a phishing attack.\n(CVE-2010-3774)\n\nYosuke Hasegawa and Masatoshi Kimura discovered that several character\nencodings would have some characters converted to angle brackets. An\nattacker could utilize this to perform cross-site scripting attacks.\n(CVE-2010-3770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-12-10T00:00:00", "title": "Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.{1,2} vulnerabilities (USN-1019-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-3766"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abrowser", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1", "p-cpe:/a:canonical:ubuntu_linux:firefox-branding", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:abrowser-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-2", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"], "id": "UBUNTU_USN-1019-1.NASL", "href": "https://www.tenable.com/plugins/nessus/51114", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1019-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51114);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-3778\");\n script_bugtraq_id(45314, 45322);\n script_xref(name:\"USN\", value:\"1019-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.{1,2} vulnerabilities (USN-1019-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov\ndiscovered several memory issues in the browser engine. An attacker\ncould exploit these to crash the browser or possibly run arbitrary\ncode as the user invoking the program. (CVE-2010-3776, CVE-2010-3777,\nCVE-2010-3778)\n\nIt was discovered that Firefox did not properly verify the about:blank\nlocation elements when it was opened via window.open(). An attacker\ncould exploit this to run arbitrary code with chrome privileges.\n(CVE-2010-3771)\n\nIt was discovered that Firefox did not properly handle &lt;div&gt;\nelements when processing a XUL tree. If a user were tricked into\nopening a malicious web page, an attacker could exploit this to crash\nthe browser or possibly run arbitrary code as the user invoking the\nprogram. (CVE-2010-3772)\n\nMarc Schoenefeld and Christoph Diehl discovered several problems when\nhandling downloadable fonts. The new OTS font sanitizing library was\nadded to mitigate these issues. (CVE-2010-3768)\n\nGregory Fleischer discovered that the Java LiveConnect script could be\nmade to run in the wrong security context. An attacker could exploit\nthis to read local files and run arbitrary code as the user invoking\nthe program. (CVE-2010-3775)\n\nSeveral problems were discovered in the JavaScript engine. If a user\nwere tricked into opening a malicious web page, an attacker could\nexploit this to crash the browser or possibly run arbitrary code as\nthe user invoking the program. (CVE-2010-3766, CVE-2010-3767,\nCVE-2010-3773)\n\nMichal Zalewski discovered that Firefox did not always properly handle\ndisplaying pages from network or certificate errors. An attacker could\nexploit this to spoof the location bar, such as in a phishing attack.\n(CVE-2010-3774)\n\nYosuke Hasegawa and Masatoshi Kimura discovered that several character\nencodings would have some characters converted to angle brackets. An\nattacker could utilize this to perform cross-site scripting attacks.\n(CVE-2010-3770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1019-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1\", pkgver:\"1.9.1.16+build2+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dbg\", pkgver:\"1.9.1.16+build2+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dev\", pkgver:\"1.9.1.16+build2+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-gnome-support\", pkgver:\"1.9.1.16+build2+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite\", pkgver:\"1.9.1.16+build2+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite-dev\", pkgver:\"1.9.1.16+build2+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-3.5\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-3.5-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-mozsymbols\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"abrowser\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"abrowser-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-branding\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-mozsymbols\", pkgver:\"3.6.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:08", "description": "Mozilla SeaMonkey 2.0 was updated to update 2.0.11 fixing several\nsecurity issues.\n\nMFSA 2010-74: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nJesee Ruderman, Andreas Gal, Nils, and Brian Hackett reported memory\nsafety problems that affected Firefox 3.6 and Firefox 3.5.\n(CVE-2010-3776) Igor Bukanov reported a memory safety problem that was\nfixed in Firefox 3.6 only. (CVE-2010-3777) Jesse Ruderman reported a\ncrash which affected Firefox 3.5 only. (CVE-2010-3778)\n\nMFSA 2010-75 / CVE-2010-3769: Dirk Heinrich reported that on Windows\nplatforms when document.write() was called with a very long string a\nbuffer overflow was caused in line breaking routines attempting to\nprocess the string for display. Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.\n\nMFSA 2010-76 / CVE-2010-3771: Security researcher echo reported that a\nweb page could open a window with an about:blank location and then\ninject an <isindex> element into that page which upon submission would\nredirect to a chrome: document. The effect of this defect was that the\noriginal page would wind up with a reference to a chrome-privileged\nobject, the opened window, which could be leveraged for privilege\nescalation attacks.\n\nMozilla security researcher moz_bug_r_a4 provided proof-of-concept\ncode demonstrating how the above vulnerability could be used to run\narbitrary code with chrome privileges.\n\nMFSA 2010-77 / CVE-2010-3772: Security researcher wushi of team509\nreported that when a XUL tree had an HTML <div> element nested inside\na <treechildren> element then code attempting to display content in\nthe XUL tree would incorrectly treat the <div> element as a parent\nnode to tree content underneath it resulting in incorrect indexes\nbeing calculated for the child content. These incorrect indexes were\nused in subsequent array operations which resulted in writing data\npast the end of an allocated buffer. An attacker could use this issue\nto crash a victim's browser and run arbitrary code on their machine.\n\nMFSA 2010-78 / CVE-2010-3768: Mozilla added the OTS font sanitizing\nlibrary to prevent downloadable fonts from exposing vulnerabilities in\nthe underlying OS font code. This library mitigates against several\nissues independently reported by Red Hat Security Response Team member\nMarc Schoenefeld and Mozilla security researcher Christoph Diehl.\n\nMFSA 2010-79 / CVE-2010-3775: Security researcher Gregory Fleischer\nreported that when a Java LiveConnect script was loaded via a data:\nURL which redirects via a meta refresh, then the resulting plugin\nobject was created with the wrong security principal and thus received\nelevated privileges such as the abilities to read local files, launch\nprocesses, and create network connections.\n\nMFSA 2010-80 / CVE-2010-3766: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that a nsDOMAttribute node can\nbe modified without informing the iterator object responsible for\nvarious DOM traversals. This flaw could lead to a inconsistent state\nwhere the iterator points to an object it believes is part of the DOM\nbut actually points to some other object. If such an object had been\ndeleted and its memory reclaimed by the system, then the iterator\ncould be used to call into attacker-controlled memory.\n\nMFSA 2010-81 / CVE-2010-3767: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.\n\nMFSA 2010-82 / CVE-2010-3773: Mozilla security researcher moz_bug_r_a4\nreported that the fix for CVE-2010-0179 could be circumvented\npermitting the execution of arbitrary JavaScript with chrome\nprivileges.\n\nMFSA 2010-83 / CVE-2010-3774: Google security researcher Michal\nZalewski reported that when a window was opened to a site resulting in\na network or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content. An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually were.\n\nMFSA 2010-84 / CVE-2010-3770: Security researchers Yosuke Hasegawa and\nMasatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and\nx-mac-hebrew character encodings are vulnerable to XSS attacks due to\nsome characters being converted to angle brackets when displayed by\nthe rendering engine. Sites using these character encodings would thus\nbe potentially vulnerable to script injection attacks if their script\nfiltering code fails to strip out these specific characters.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (seamonkey-3690)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "SUSE_11_3_SEAMONKEY-101213.NASL", "href": "https://www.tenable.com/plugins/nessus/75735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-3690.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75735);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0179\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3769\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-3778\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-3690)\");\n script_summary(english:\"Check for the seamonkey-3690 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey 2.0 was updated to update 2.0.11 fixing several\nsecurity issues.\n\nMFSA 2010-74: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nJesee Ruderman, Andreas Gal, Nils, and Brian Hackett reported memory\nsafety problems that affected Firefox 3.6 and Firefox 3.5.\n(CVE-2010-3776) Igor Bukanov reported a memory safety problem that was\nfixed in Firefox 3.6 only. (CVE-2010-3777) Jesse Ruderman reported a\ncrash which affected Firefox 3.5 only. (CVE-2010-3778)\n\nMFSA 2010-75 / CVE-2010-3769: Dirk Heinrich reported that on Windows\nplatforms when document.write() was called with a very long string a\nbuffer overflow was caused in line breaking routines attempting to\nprocess the string for display. Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.\n\nMFSA 2010-76 / CVE-2010-3771: Security researcher echo reported that a\nweb page could open a window with an about:blank location and then\ninject an <isindex> element into that page which upon submission would\nredirect to a chrome: document. The effect of this defect was that the\noriginal page would wind up with a reference to a chrome-privileged\nobject, the opened window, which could be leveraged for privilege\nescalation attacks.\n\nMozilla security researcher moz_bug_r_a4 provided proof-of-concept\ncode demonstrating how the above vulnerability could be used to run\narbitrary code with chrome privileges.\n\nMFSA 2010-77 / CVE-2010-3772: Security researcher wushi of team509\nreported that when a XUL tree had an HTML <div> element nested inside\na <treechildren> element then code attempting to display content in\nthe XUL tree would incorrectly treat the <div> element as a parent\nnode to tree content underneath it resulting in incorrect indexes\nbeing calculated for the child content. These incorrect indexes were\nused in subsequent array operations which resulted in writing data\npast the end of an allocated buffer. An attacker could use this issue\nto crash a victim's browser and run arbitrary code on their machine.\n\nMFSA 2010-78 / CVE-2010-3768: Mozilla added the OTS font sanitizing\nlibrary to prevent downloadable fonts from exposing vulnerabilities in\nthe underlying OS font code. This library mitigates against several\nissues independently reported by Red Hat Security Response Team member\nMarc Schoenefeld and Mozilla security researcher Christoph Diehl.\n\nMFSA 2010-79 / CVE-2010-3775: Security researcher Gregory Fleischer\nreported that when a Java LiveConnect script was loaded via a data:\nURL which redirects via a meta refresh, then the resulting plugin\nobject was created with the wrong security principal and thus received\nelevated privileges such as the abilities to read local files, launch\nprocesses, and create network connections.\n\nMFSA 2010-80 / CVE-2010-3766: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that a nsDOMAttribute node can\nbe modified without informing the iterator object responsible for\nvarious DOM traversals. This flaw could lead to a inconsistent state\nwhere the iterator points to an object it believes is part of the DOM\nbut actually points to some other object. If such an object had been\ndeleted and its memory reclaimed by the system, then the iterator\ncould be used to call into attacker-controlled memory.\n\nMFSA 2010-81 / CVE-2010-3767: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.\n\nMFSA 2010-82 / CVE-2010-3773: Mozilla security researcher moz_bug_r_a4\nreported that the fix for CVE-2010-0179 could be circumvented\npermitting the execution of arbitrary JavaScript with chrome\nprivileges.\n\nMFSA 2010-83 / CVE-2010-3774: Google security researcher Michal\nZalewski reported that when a window was opened to a site resulting in\na network or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content. An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually were.\n\nMFSA 2010-84 / CVE-2010-3770: Security researchers Yosuke Hasegawa and\nMasatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and\nx-mac-hebrew character encodings are vulnerable to XSS attacks due to\nsome characters being converted to angle brackets when displayed by\nthe rendering engine. Sites using these character encodings would thus\nbe potentially vulnerable to script injection attacks if their script\nfiltering code fails to strip out these specific characters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657016\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.0.11-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.0.11-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.0.11-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.0.11-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.0.11-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.0.11-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:27", "description": "Mozilla Thunderbird 3.0 was updated to update 3.0.11 fixing several\nsecurity issues.\n\nMFSA 2010-74: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nJesee Ruderman, Andreas Gal, Nils, and Brian Hackett reported memory\nsafety problems that affected Firefox 3.6 and Firefox 3.5.\n(CVE-2010-3776) Igor Bukanov reported a memory safety problem that was\nfixed in Firefox 3.6 only. (CVE-2010-3777) Jesse Ruderman reported a\ncrash which affected Firefox 3.5 only. (CVE-2010-3778)\n\nMFSA 2010-75 / CVE-2010-3769: Dirk Heinrich reported that on Windows\nplatforms when document.write() was called with a very long string a\nbuffer overflow was caused in line breaking routines attempting to\nprocess the string for display. Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.\n\nMFSA 2010-76 / CVE-2010-3771: Security researcher echo reported that a\nweb page could open a window with an about:blank location and then\ninject an <isindex> element into that page which upon submission would\nredirect to a chrome: document. The effect of this defect was that the\noriginal page would wind up with a reference to a chrome-privileged\nobject, the opened window, which could be leveraged for privilege\nescalation attacks.\n\nMozilla security researcher moz_bug_r_a4 provided proof-of-concept\ncode demonstrating how the above vulnerability could be used to run\narbitrary code with chrome privileges.\n\nMFSA 2010-77 / CVE-2010-3772: Security researcher wushi of team509\nreported that when a XUL tree had an HTML <div> element nested inside\na <treechildren> element then code attempting to display content in\nthe XUL tree would incorrectly treat the <div> element as a parent\nnode to tree content underneath it resulting in incorrect indexes\nbeing calculated for the child content. These incorrect indexes were\nused in subsequent array operations which resulted in writing data\npast the end of an allocated buffer. An attacker could use this issue\nto crash a victim's browser and run arbitrary code on their machine.\n\nMFSA 2010-78 / CVE-2010-3768: Mozilla added the OTS font sanitizing\nlibrary to prevent downloadable fonts from exposing vulnerabilities in\nthe underlying OS font code. This library mitigates against several\nissues independently reported by Red Hat Security Response Team member\nMarc Schoenefeld and Mozilla security researcher Christoph Diehl.\n\nMFSA 2010-79 / CVE-2010-3775: Security researcher Gregory Fleischer\nreported that when a Java LiveConnect script was loaded via a data:\nURL which redirects via a meta refresh, then the resulting plugin\nobject was created with the wrong security principal and thus received\nelevated privileges such as the abilities to read local files, launch\nprocesses, and create network connections.\n\nMFSA 2010-80 / CVE-2010-3766: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that a nsDOMAttribute node can\nbe modified without informing the iterator object responsible for\nvarious DOM traversals. This flaw could lead to a inconsistent state\nwhere the iterator points to an object it believes is part of the DOM\nbut actually points to some other object. If such an object had been\ndeleted and its memory reclaimed by the system, then the iterator\ncould be used to call into attacker-controlled memory.\n\nMFSA 2010-81 / CVE-2010-3767: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.\n\nMFSA 2010-82 / CVE-2010-3773: Mozilla security researcher moz_bug_r_a4\nreported that the fix for CVE-2010-0179 could be circumvented\npermitting the execution of arbitrary JavaScript with chrome\nprivileges.\n\nMFSA 2010-83 / CVE-2010-3774: Google security researcher Michal\nZalewski reported that when a window was opened to a site resulting in\na network or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content. An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually were.\n\nMFSA 2010-84 / CVE-2010-3770: Security researchers Yosuke Hasegawa and\nMasatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and\nx-mac-hebrew character encodings are vulnerable to XSS attacks due to\nsome characters being converted to angle brackets when displayed by\nthe rendering engine. Sites using these character encodings would thus\nbe potentially vulnerable to script injection attacks if their script\nfiltering code fails to strip out these specific characters.", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3687)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:enigmail"], "id": "SUSE_11_2_MOZILLATHUNDERBIRD-101213.NASL", "href": "https://www.tenable.com/plugins/nessus/53773", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-3687.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53773);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0179\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3769\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-3778\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3687)\");\n script_summary(english:\"Check for the MozillaThunderbird-3687 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird 3.0 was updated to update 3.0.11 fixing several\nsecurity issues.\n\nMFSA 2010-74: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nJesee Ruderman, Andreas Gal, Nils, and Brian Hackett reported memory\nsafety problems that affected Firefox 3.6 and Firefox 3.5.\n(CVE-2010-3776) Igor Bukanov reported a memory safety problem that was\nfixed in Firefox 3.6 only. (CVE-2010-3777) Jesse Ruderman reported a\ncrash which affected Firefox 3.5 only. (CVE-2010-3778)\n\nMFSA 2010-75 / CVE-2010-3769: Dirk Heinrich reported that on Windows\nplatforms when document.write() was called with a very long string a\nbuffer overflow was caused in line breaking routines attempting to\nprocess the string for display. Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.\n\nMFSA 2010-76 / CVE-2010-3771: Security researcher echo reported that a\nweb page could open a window with an about:blank location and then\ninject an <isindex> element into that page which upon submission would\nredirect to a chrome: document. The effect of this defect was that the\noriginal page would wind up with a reference to a chrome-privileged\nobject, the opened window, which could be leveraged for privilege\nescalation attacks.\n\nMozilla security researcher moz_bug_r_a4 provided proof-of-concept\ncode demonstrating how the above vulnerability could be used to run\narbitrary code with chrome privileges.\n\nMFSA 2010-77 / CVE-2010-3772: Security researcher wushi of team509\nreported that when a XUL tree had an HTML <div> element nested inside\na <treechildren> element then code attempting to display content in\nthe XUL tree would incorrectly treat the <div> element as a parent\nnode to tree content underneath it resulting in incorrect indexes\nbeing calculated for the child content. These incorrect indexes were\nused in subsequent array operations which resulted in writing data\npast the end of an allocated buffer. An attacker could use this issue\nto crash a victim's browser and run arbitrary code on their machine.\n\nMFSA 2010-78 / CVE-2010-3768: Mozilla added the OTS font sanitizing\nlibrary to prevent downloadable fonts from exposing vulnerabilities in\nthe underlying OS font code. This library mitigates against several\nissues independently reported by Red Hat Security Response Team member\nMarc Schoenefeld and Mozilla security researcher Christoph Diehl.\n\nMFSA 2010-79 / CVE-2010-3775: Security researcher Gregory Fleischer\nreported that when a Java LiveConnect script was loaded via a data:\nURL which redirects via a meta refresh, then the resulting plugin\nobject was created with the wrong security principal and thus received\nelevated privileges such as the abilities to read local files, launch\nprocesses, and create network connections.\n\nMFSA 2010-80 / CVE-2010-3766: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that a nsDOMAttribute node can\nbe modified without informing the iterator object responsible for\nvarious DOM traversals. This flaw could lead to a inconsistent state\nwhere the iterator points to an object it believes is part of the DOM\nbut actually points to some other object. If such an object had been\ndeleted and its memory reclaimed by the system, then the iterator\ncould be used to call into attacker-controlled memory.\n\nMFSA 2010-81 / CVE-2010-3767: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.\n\nMFSA 2010-82 / CVE-2010-3773: Mozilla security researcher moz_bug_r_a4\nreported that the fix for CVE-2010-0179 could be circumvented\npermitting the execution of arbitrary JavaScript with chrome\nprivileges.\n\nMFSA 2010-83 / CVE-2010-3774: Google security researcher Michal\nZalewski reported that when a window was opened to a site resulting in\na network or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content. An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually were.\n\nMFSA 2010-84 / CVE-2010-3770: Security researchers Yosuke Hasegawa and\nMasatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and\nx-mac-hebrew character encodings are vulnerable to XSS attacks due to\nsome characters being converted to angle brackets when displayed by\nthe rendering engine. Sites using these character encodings would thus\nbe potentially vulnerable to script injection attacks if their script\nfiltering code fails to strip out these specific characters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657016\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-3.0.11-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-devel-3.0.11-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-translations-common-3.0.11-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-translations-other-3.0.11-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"enigmail-1.0.1-3.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-23T13:05:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of firefox", "modified": "2018-01-23T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:1361412562310862724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862724", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2010-18773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2010-18773\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 14\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052029.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862724\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18773\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for firefox FEDORA-2010-18773\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.13~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of galeon", "modified": "2017-12-21T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:862733", "href": "http://plugins.openvas.org/nasl.php?oid=862733", "type": "openvas", "title": "Fedora Update for galeon FEDORA-2010-18773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2010-18773\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 14\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html\");\n script_id(862733);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18773\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for galeon FEDORA-2010-18773\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.7~36.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:06:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of xulrunner", "modified": "2018-01-25T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:1361412562310862727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862727", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2010-18773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-18773\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 14\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052035.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862727\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18773\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-18773\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.13~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of firefox", "modified": "2017-12-28T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881398", "href": "http://plugins.openvas.org/nasl.php?oid=881398", "type": "openvas", "title": "CentOS Update for firefox CESA-2010:0966 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2010:0966 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,\n CVE-2010-3777)\n\n A flaw was found in the way Firefox handled malformed JavaScript. A website\n with an object containing malicious JavaScript could cause Firefox to\n execute that JavaScript with the privileges of the user running Firefox.\n (CVE-2010-3771)\n\n This update adds support for the Sanitiser for OpenType (OTS) library to\n Firefox. This library helps prevent potential exploits in malformed\n OpenType fonts by verifying the font file prior to use. (CVE-2010-3768)\n\n A flaw was found in the way Firefox loaded Java LiveConnect scripts.\n Malicious web content could load a Java LiveConnect script in a way that\n would result in the plug-in object having elevated privileges, allowing it\n to execute Java code with the privileges of the user running Firefox.\n (CVE-2010-3775)\n\n It was found that the fix for CVE-2010-0179 was incomplete when the Firebug\n add-on was used. If a user visited a website containing malicious\n JavaScript while the Firebug add-on was enabled, it could cause Firefox to\n execute arbitrary JavaScript with the privileges of the user running\n Firefox. (CVE-2010-3773)\n\n A flaw was found in the way Firefox presented the location bar to users. A\n malicious website could trick a user into thinking they are visiting the\n site reported by the location bar, when the page is actually content\n controlled by an attacker. (CVE-2010-3774)\n\n A cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic,\n x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were\n converted to angle brackets when displayed. If server-side script filtering\n missed these cases, it could result in Firefox executing JavaScript code\n with the permissions of a different website. (CVE-2010-3770)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.13. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.13, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-January/017228.html\");\n script_id(881398);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:43:42 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\",\n \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\",\n \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-0179\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0966\");\n script_name(\"CentOS Update for firefox CESA-2010:0966 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.13~3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of xulrunner", "modified": "2017-12-21T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:862723", "href": "http://plugins.openvas.org/nasl.php?oid=862723", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2010-18775", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-18775\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 13\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052021.html\");\n script_id(862723);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18775\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-18775\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.13~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of gnome-web-photo", "modified": "2017-12-25T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:862725", "href": "http://plugins.openvas.org/nasl.php?oid=862725", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2010-18773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2010-18773\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 14\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052031.html\");\n script_id(862725);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18773\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for gnome-web-photo FEDORA-2010-18773\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.9~16.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881398", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881398", "type": "openvas", "title": "CentOS Update for firefox CESA-2010:0966 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2010:0966 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-January/017228.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881398\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:43:42 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\",\n \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\",\n \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-0179\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0966\");\n script_name(\"CentOS Update for firefox CESA-2010:0966 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,\n CVE-2010-3777)\n\n A flaw was found in the way Firefox handled malformed JavaScript. A website\n with an object containing malicious JavaScript could cause Firefox to\n execute that JavaScript with the privileges of the user running Firefox.\n (CVE-2010-3771)\n\n This update adds support for the Sanitiser for OpenType (OTS) library to\n Firefox. This library helps prevent potential exploits in malformed\n OpenType fonts by verifying the font file prior to use. (CVE-2010-3768)\n\n A flaw was found in the way Firefox loaded Java LiveConnect scripts.\n Malicious web content could load a Java LiveConnect script in a way that\n would result in the plug-in object having elevated privileges, allowing it\n to execute Java code with the privileges of the user running Firefox.\n (CVE-2010-3775)\n\n It was found that the fix for CVE-2010-0179 was incomplete when the Firebug\n add-on was used. If a user visited a website containing malicious\n JavaScript while the Firebug add-on was enabled, it could cause Firefox to\n execute arbitrary JavaScript with the privileges of the user running\n Firefox. (CVE-2010-3773)\n\n A flaw was found in the way Firefox presented the location bar to users. A\n malicious website could trick a user into thinking they are visiting the\n site reported by the location bar, when the page is actually content\n controlled by an attacker. (CVE-2010-3774)\n\n A cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic,\n x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were\n converted to angle brackets when displayed. If server-side script filtering\n missed these cases, it could result in Firefox executing JavaScript code\n with the permissions of a different website. (CVE-2010-3770)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.6.13. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.6.13, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.13~3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:53:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of mozvoikko", "modified": "2018-01-01T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:1361412562310862722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862722", "type": "openvas", "title": "Fedora Update for mozvoikko FEDORA-2010-18775", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2010-18775\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 13\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052019.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862722\");\n script_version(\"$Revision: 8266 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 08:28:32 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18775\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2010-18775\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.0~17.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:58:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of firefox", "modified": "2017-12-18T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:862732", "href": "http://plugins.openvas.org/nasl.php?oid=862732", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2010-18775", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2010-18775\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 13\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052023.html\");\n script_id(862732);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18775\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for firefox FEDORA-2010-18775\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.13~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-08T11:43:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Check for the Version of gnome-web-photo", "modified": "2017-12-07T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:862734", "href": "http://plugins.openvas.org/nasl.php?oid=862734", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2010-18775", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2010-18775\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 13\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052024.html\");\n script_id(862734);\n script_version(\"$Revision: 8032 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 15:40:57 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18775\");\n script_cve_id(\"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-0179\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\");\n script_name(\"Fedora Update for gnome-web-photo FEDORA-2010-18775\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.9~15.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:24", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-3766"], "description": " \nfirefox:\r\n \n[3.6.13-1.0.1.el6_0]\r\n- Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js\r\n [bugz 11762]\r\n \n[3.6.13-2]\r\n- Update to 3.6.13 build3\r\n \n[3.6.13-1]\r\n- Update to 3.6.13\r\n \n[3.6.12-1]\r\n- Update to 3.6.12\r\n \n[3.6.11-1]\r\n- Update to 3.6.11\r\n \nxulrunner:\r\n \n[1.9.2.13-3.0.1.el6_0]\r\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\r\n RedHat one. Bug#11487\r\n \n[1.9.2.13-3]\r\n- Update to 1.9.2.13 build3\r\n \n[1.9.2.13-2]\r\n- Update to 1.9.2.13 build2\r\n \n[1.9.2.13-1]\r\n- Update to 1.9.2.13\r\n \n[1.9.2.12-1]\r\n- Update to 1.9.2.12\r\n \n[1.9.2.11-1]\r\n- Update to 1.9.2.1", "edition": 4, "modified": "2010-12-10T00:00:00", "published": "2010-12-10T00:00:00", "id": "ELSA-2010-0966", "href": "http://linux.oracle.com/errata/ELSA-2010-0966.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. ", "modified": "2010-12-10T20:25:42", "published": "2010-12-10T20:25:42", "id": "FEDORA:0C4571106F9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: gnome-python2-extras-2.25.3-25.fc13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2010-12-10T20:25:42", "published": "2010-12-10T20:25:42", "id": "FEDORA:ED13910F927", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: firefox-3.6.13-1.fc13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "This is mozvoikko, an extension for Mozilla programs for using the Finnish spell-checker Voikko. ", "modified": "2010-12-10T20:27:49", "published": "2010-12-10T20:27:49", "id": "FEDORA:73DC6110D47", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: mozvoikko-1.0-17.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "XULRunner provides the XUL Runtime environment for Gecko applications. ", "modified": "2010-12-10T20:27:49", "published": "2010-12-10T20:27:49", "id": "FEDORA:6B423110D43", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: xulrunner-1.9.2.13-1.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. ", "modified": "2010-12-10T20:27:49", "published": "2010-12-10T20:27:49", "id": "FEDORA:83DAC110D53", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: gnome-python2-extras-2.25.3-26.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2010-12-10T20:27:49", "published": "2010-12-10T20:27:49", "id": "FEDORA:7127C110D45", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: firefox-3.6.13-1.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "modified": "2010-12-10T20:25:42", "published": "2010-12-10T20:25:42", "id": "FEDORA:0EDD011073F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: galeon-2.0.7-36.fc13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "modified": "2010-12-10T20:27:49", "published": "2010-12-10T20:27:49", "id": "FEDORA:7B8BA110D4F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: gnome-web-photo-0.9-16.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "modified": "2010-12-10T20:27:49", "published": "2010-12-10T20:27:49", "id": "FEDORA:86D4E110D54", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: galeon-2.0.7-36.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2010-12-10T20:25:42", "published": "2010-12-10T20:25:42", "id": "FEDORA:045E511068E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: perl-Gtk2-MozEmbed-0.08-6.fc13.20", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T01:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-3766"], "description": "Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov \ndiscovered several memory issues in the browser engine. An attacker could \nexploit these to crash the browser or possibly run arbitrary code as the \nuser invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778)\n\nIt was discovered that Firefox did not properly verify the about:blank \nlocation elements when it was opened via window.open(). An attacker could \nexploit this to run arbitrary code with chrome privileges. (CVE-2010-3771)\n\nIt was discovered that Firefox did not properly handle &lt;div&gt; elements \nwhen processing a XUL tree. If a user were tricked into opening a malicious \nweb page, an attacker could exploit this to crash the browser or possibly \nrun arbitrary code as the user invoking the program. (CVE-2010-3772)\n\nMarc Schoenefeld and Christoph Diehl discovered several problems when \nhandling downloadable fonts. The new OTS font sanitizing library was added \nto mitigate these issues. (CVE-2010-3768)\n\nGregory Fleischer discovered that the Java LiveConnect script could be made \nto run in the wrong security context. An attacker could exploit this to \nread local files and run arbitrary code as the user invoking the program. \n(CVE-2010-3775)\n\nSeveral problems were discovered in the JavaScript engine. If a user were \ntricked into opening a malicious web page, an attacker could exploit this to \ncrash the browser or possibly run arbitrary code as the user invoking the \nprogram. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3773)\n\nMichal Zalewski discovered that Firefox did not always properly handle \ndisplaying pages from network or certificate errors. An attacker could \nexploit this to spoof the location bar, such as in a phishing attack. \n(CVE-2010-3774)\n\nYosuke Hasegawa and Masatoshi Kimura discovered that several character \nencodings would have some characters converted to angle brackets. An \nattacker could utilize this to perform cross-site scripting attacks. \n(CVE-2010-3770)", "edition": 5, "modified": "2010-12-09T00:00:00", "published": "2010-12-09T00:00:00", "id": "USN-1019-1", "href": "https://ubuntu.com/security/notices/USN-1019-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Mozilla Firefox was updated to update 3.6.13 to fix several security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-01-05T11:25:44", "published": "2011-01-05T11:25:44", "id": "SUSE-SA:2011:003", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html", "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:03", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-3766"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)\nMFSA 2010-75 Buffer overflow while line breaking after document.write with long string\nMFSA 2010-76 Chrome privilege escalation with window.open and isindex element\nMFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree\nMFSA 2010-78 Add support for OTS font sanitizer\nMFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh\nMFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver\nMFSA 2010-81 Integer overflow vulnerability in NewIdArray\nMFSA 2010-82 Incomplete fix for CVE-2010-0179\nMFSA 2010-83 Location bar SSL spoofing using network error page\nMFSA 2010-84 XSS hazard in multiple character encodings\n\n", "edition": 4, "modified": "2010-12-09T00:00:00", "published": "2010-12-09T00:00:00", "id": "1D8FF4A2-0445-11E0-8E32-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/1d8ff4a2-0445-11e0-8e32-000f20797ede.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-3772", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-3766"], "description": "Multiple memory corruptions, buffer overflows, vode execution protection bypass, privilege escalation, etc.", "edition": 1, "modified": "2010-12-10T00:00:00", "published": "2010-12-10T00:00:00", "id": "SECURITYVULNS:VULN:11286", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11286", "title": "Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:12:51", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3772", "CVE-2010-3778", "CVE-2010-3774", "CVE-2010-3769", "CVE-2010-3773", "CVE-2010-3768", "CVE-2010-3776", "CVE-2010-3775", "CVE-2010-3767", "CVE-2010-3771", "CVE-2010-3770", "CVE-2010-0179", "CVE-2010-3766"], "description": "Mike Hommey uploaded new packages for iceweasel which fixed the\nfollowing security problems:\n\nCVE-2010-3776\n Multiple unspecified vulnerabilities in the browser engine in Mozilla\n Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before\n 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow\n remote attackers to cause a denial of service (memory corruption and\n application crash) or possibly execute arbitrary code via unknown\n vectors.\nCVE-2010-3778\n Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16,\n Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly execute arbitrary code via unknown\n vectors.\nCVE-2010-3769\n The line-breaking implementation in Mozilla Firefox before 3.5.16 and\n 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7,\n and SeaMonkey before 2.0.11 on Windows does not properly handle long\n strings, which allows remote attackers to execute arbitrary code via a\n crafted document.write call that triggers a buffer over-read.\nCVE-2010-3771\n Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey\n before 2.0.11, does not properly handle injection of an ISINDEX\n element into an about:blank page, which allows remote attackers to\n execute arbitrary JavaScript code with chrome privileges via vectors\n related to redirection to a chrome: URI.\nCVE-2010-3772\n Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey\n before 2.0.11, does not properly calculate index values for certain\n child content in a XUL tree, which allows remote attackers to execute\n arbitrary code via vectors involving a DIV element within a\n treechildren element.\nCVE-2010-3768\n Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird\n before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do\n not properly validate downloadable fonts before use within an\n operating system&#x27;s font implementation, which allows remote attackers\n to execute arbitrary code via vectors related to @font-face Cascading\n Style Sheets (CSS) rules.\nCVE-2010-3775\n Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey\n before 2.0.11, does not properly handle certain redirections involving\n data: URLs and Java LiveConnect scripts, which allows remote attackers\n to start processes, read arbitrary local files, and establish network\n connections via vectors involving a refresh value in the http-equiv\n attribute of a META element.\nCVE-2010-3766\n Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and\n 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote\n attackers to execute arbitrary code via vectors involving a change to\n an nsDOMAttribute node.\nCVE-2010-3767\n Integer overflow in the NewIdArray function in Mozilla Firefox before\n 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows\n remote attackers to execute arbitrary code via a JavaScript array with\n many elements.\nCVE-2010-3773\n Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey\n before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on\n is used, does not properly handle interaction between the\n XMLHttpRequestSpy object and chrome privileged objects, which allows\n remote attackers to execute arbitrary JavaScript via a crafted HTTP\n response. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2010-0179.\nCVE-2010-3774\n The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h\n in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and\n SeaMonkey before 2.0.11, does not properly handle (1) about:neterror\n and (2) about:certerror pages, which allows remote attackers to spoof\n the location bar via a crafted web site.\nCVE-2010-3770\n Multiple cross-site scripting (XSS) vulnerabilities in the rendering\n engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and\n SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary\n web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3)\n x-mac-hebrew characters.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.16-3~bpo50+1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-7.\n\nFor the upcoming stable version (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.5.15-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 3.6.13-1.\n\nUpgrade instructions\n--------------------\n\nIf you don&#x27;t use pinning (see [1]) you have to update the package\nmanually via &quot;apt-get -t lenny-backports install &lt;packagelist&gt;&quot; with\nthe packagelist of your installed packages affected by this update.\n[1] &lt;http://backports.debian.org/Instructions&gt;\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository to\n200 so that new versions of installed backports will be installed\nautomatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n", "edition": 3, "modified": "2011-01-03T06:30:25", "published": "2011-01-03T06:30:25", "id": "DEBIAN:BSA-013:BDF29", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201101/msg00000.html", "title": "[BSA-013] Security Update for iceweasel", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}