{"id": "SUSE_11_4_SEAMONKEY-110819.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "published": "2014-06-13T00:00:00", "modified": "2018-11-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "reporter": "Tenable", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/", "https://bugzilla.novell.com/show_bug.cgi?id=712224", "https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "type": "nessus", "lastseen": "2019-02-21T01:21:53", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 5, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "b514336ed87c139eb3baa0285fb0ed864957a1f41187044cf1b3c16327714075", "hashmap": [{"hash": "70a9b2c19470ad133f7baf702d66ea8a", "key": "cpe"}, {"hash": "8d36d556f1501ef2b45f3c9484a454d6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}, {"hash": "1d7d879cdef5ec9b0da5ebf52913646b", "key": "references"}, {"hash": "d35d7c6ea474c84177ab997c5470eefe", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2018-09-01T23:41:45", "modified": "2018-08-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=712224", "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", "http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/13 14:32:39\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:41:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 3, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "b514336ed87c139eb3baa0285fb0ed864957a1f41187044cf1b3c16327714075", "hashmap": [{"hash": "70a9b2c19470ad133f7baf702d66ea8a", "key": "cpe"}, {"hash": "8d36d556f1501ef2b45f3c9484a454d6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}, {"hash": "1d7d879cdef5ec9b0da5ebf52913646b", "key": "references"}, {"hash": "d35d7c6ea474c84177ab997c5470eefe", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2018-08-15T15:15:00", "modified": "2018-08-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=712224", "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", "http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/13 14:32:39\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-15T15:15:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:19:10", "references": [{"idList": ["ZDI-11-270"], "type": "zdi"}, {"idList": ["SUSE-SA:2011:037", "OPENSUSE-SU-2011:0957-2", "OPENSUSE-SU-2011:0957-1"], "type": "suse"}, {"idList": ["USN-1185-1", "USN-1184-1", "USN-1192-3", "USN-1192-2", "USN-1192-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-2296-1:1BC31", "DEBIAN:DSA-2295-1:07B34", "DEBIAN:DSA-2297-1:5713C"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:11874", "SECURITYVULNS:DOC:26883"], "type": "securityvulns"}, {"idList": ["834591A9-C82F-11E0-897D-6C626DD55A41"], "type": "freebsd"}, {"idList": ["SSV:20867"], "type": "seebug"}, {"idList": ["CESA-2011:1164"], "type": "centos"}, {"idList": ["OPENVAS:1361412562310863443", "OPENVAS:863443", "OPENVAS:1361412562310840777", "OPENVAS:1361412562310863440", "OPENVAS:863424", "OPENVAS:840777", "OPENVAS:1361412562310840723", "OPENVAS:1361412562310840724", "OPENVAS:840724", "OPENVAS:840723"], "type": "openvas"}, {"idList": ["ORACLELINUX_ELSA-2011-1166.NASL", "SUSE_11_3_SEAMONKEY-110819.NASL", "UBUNTU_USN-1192-2.NASL", "SEAMONKEY_23.NASL", "MOZILLA_THUNDERBIRD_60.NASL", "UBUNTU_USN-1192-3.NASL", "SUSE_11_4_MOZILLAFIREFOX-110819.NASL", "MOZILLA_FIREFOX_60.NASL", "FREEBSD_PKG_834591A9C82F11E0897D6C626DD55A41.NASL", "UBUNTU_USN-1192-1.NASL"], "type": "nessus"}, {"idList": ["RHSA-2011:1164", "RHSA-2011:1166"], "type": "redhat"}, {"idList": ["ELSA-2011-1166", "ELSA-2011-1164"], "type": "oraclelinux"}, {"idList": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "type": "cve"}]}, "score": {"value": 10.0, "vector": "NONE"}}, "hash": "72826c640de44e83cbf3ed948f5097e999ecd715b780fef4cbb04abf53f9d790", "hashmap": [{"hash": "70a9b2c19470ad133f7baf702d66ea8a", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e145933baf60ff34e77ad35c77d74478", "key": "modified"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e571ca4f779389af29ee66c346b773c6", "key": "sourceData"}, {"hash": "e8ee0be18e0147dfee3d1ff039416c74", "key": "description"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "caacbb90a5147e5efb3ff4ec965f90da", "key": "references"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2019-01-16T20:19:10", "modified": "2018-11-20T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/", "https://bugzilla.novell.com/show_bug.cgi?id=712224", "https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:19:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 4, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "c5e98fb236fda64af49d535a6f89b99a5607d40405fdd0128a3a1d8feabc7cd0", "hashmap": [{"hash": "70a9b2c19470ad133f7baf702d66ea8a", "key": "cpe"}, {"hash": "8d36d556f1501ef2b45f3c9484a454d6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}, {"hash": "1d7d879cdef5ec9b0da5ebf52913646b", "key": "references"}, {"hash": "d35d7c6ea474c84177ab997c5470eefe", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2018-08-30T19:36:31", "modified": "2018-08-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=712224", "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", "http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/13 14:32:39\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:36:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 6, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "4004016bdd8510590074914733a91622c4882cc18cdb21b81fab76812c41c143", "hashmap": [{"hash": "70a9b2c19470ad133f7baf702d66ea8a", "key": "cpe"}, {"hash": "8d36d556f1501ef2b45f3c9484a454d6", "key": "description"}, {"hash": "c54060ec61af47ff0cce5ca9500b509f", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "1fbd5461488d444c6e97017844ac27ec", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2018-11-13T16:50:25", "modified": "2018-11-10T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=712224", "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", "https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-11-13T16:50:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 7, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "23794e3e126a581234e296e5f7b95bbd45e2136853416c926c231dc47756c56c", "hashmap": [{"hash": "70a9b2c19470ad133f7baf702d66ea8a", "key": "cpe"}, {"hash": "8d36d556f1501ef2b45f3c9484a454d6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e145933baf60ff34e77ad35c77d74478", "key": "modified"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e571ca4f779389af29ee66c346b773c6", "key": "sourceData"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "caacbb90a5147e5efb3ff4ec965f90da", "key": "references"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2018-11-21T05:42:37", "modified": "2018-11-20T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/", "https://bugzilla.novell.com/show_bug.cgi?id=712224", "https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 7, "lastseen": "2018-11-21T05:42:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 1, "enchantments": {}, "hash": "0e16e25e172e0378ac00a579b22f9d977814a07eb2a7f77af2a783d7301d4f9f", "hashmap": [{"hash": "8d36d556f1501ef2b45f3c9484a454d6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "db07b8b69518d53ffda09cc1bfbc4d63", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "c2ba3d2c2c7bd6dac08668eb28367f25", "key": "modified"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}, {"hash": "1d7d879cdef5ec9b0da5ebf52913646b", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2016-09-26T17:24:09", "modified": "2014-08-21T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=712224", "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", "http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/21 14:35:38 $\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n script_osvdb_id(74581, 74588, 74589, 74590, 74591, 74592, 74593, 74594, 74595, 74596);\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "cvelist": ["CVE-2011-2993", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2989", "CVE-2011-0084", "CVE-2011-2992", "CVE-2011-2988", "CVE-2011-2985", "CVE-2011-2987", "CVE-2011-2991"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in SVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage using Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data theft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "edition": 2, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "c2e20fb24b61fe9981539b7b335759be5d1188b128ab2367f17aac25e9c2e92e", "hashmap": [{"hash": "70a9b2c19470ad133f7baf702d66ea8a", "key": "cpe"}, {"hash": "8d36d556f1501ef2b45f3c9484a454d6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "778cedf558783a5667ff2da3835ce04c", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "db07b8b69518d53ffda09cc1bfbc4d63", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2c6e7bf0ceef79ad323ad36c03ac74db", "key": "cvelist"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "c2ba3d2c2c7bd6dac08668eb28367f25", "key": "modified"}, {"hash": "32cd7a38abfd5a4d1742970e1f0baf31", "key": "pluginID"}, {"hash": "1d7d879cdef5ec9b0da5ebf52913646b", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76020", "id": "SUSE_11_4_SEAMONKEY-110819.NASL", "lastseen": "2017-10-29T13:36:37", "modified": "2014-08-21T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "76020", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=712224", "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", "http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/21 14:35:38 $\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n script_osvdb_id(74581, 74588, 74589, 74590, 74591, 74592, 74593, 74594, 74595, 74596);\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:36:37"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "70a9b2c19470ad133f7baf702d66ea8a"}, {"key": "cvelist", "hash": "2c6e7bf0ceef79ad323ad36c03ac74db"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "8d36d556f1501ef2b45f3c9484a454d6"}, {"key": "href", "hash": "4f6a5e3c9fe06c5f526bb15c5e4d0f76"}, {"key": "modified", "hash": "e145933baf60ff34e77ad35c77d74478"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "32cd7a38abfd5a4d1742970e1f0baf31"}, {"key": "published", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "references", "hash": "caacbb90a5147e5efb3ff4ec965f90da"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "e571ca4f779389af29ee66c346b773c6"}, {"key": "title", "hash": "778cedf558783a5667ff2da3835ce04c"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "23794e3e126a581234e296e5f7b95bbd45e2136853416c926c231dc47756c56c", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:840724", "OPENVAS:1361412562310840724", "OPENVAS:1361412562310840777", "OPENVAS:1361412562310840723", "OPENVAS:840777", "OPENVAS:840723", "OPENVAS:1361412562310863443", "OPENVAS:863436", "OPENVAS:863437", "OPENVAS:863440"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1192-1.NASL", "UBUNTU_USN-1192-3.NASL", "MOZILLA_FIREFOX_60.NASL", "SEAMONKEY_23.NASL", "UBUNTU_USN-1192-2.NASL", "MOZILLA_THUNDERBIRD_60.NASL", "SUSE_11_3_SEAMONKEY-110819.NASL", "SUSE_11_4_MOZILLAFIREFOX-110819.NASL", "FREEBSD_PKG_834591A9C82F11E0897D6C626DD55A41.NASL", "OPENSUSE-2012-254.NASL"]}, {"type": "ubuntu", "idList": ["USN-1192-1", "USN-1192-2", "USN-1192-3", "USN-1184-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0957-2", "OPENSUSE-SU-2011:0957-1", "SUSE-SA:2011:037"]}, {"type": "cve", "idList": ["CVE-2011-2989", "CVE-2011-2986", "CVE-2011-2990", "CVE-2011-2987", "CVE-2011-2991", "CVE-2011-2988", "CVE-2011-2993", "CVE-2011-2992", "CVE-2011-2985", "CVE-2011-0084"]}, {"type": "freebsd", "idList": ["834591A9-C82F-11E0-897D-6C626DD55A41"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11874", "SECURITYVULNS:DOC:26883"]}, {"type": "seebug", "idList": ["SSV:20867"]}, {"type": "zdi", "idList": ["ZDI-11-270"]}, {"type": "redhat", "idList": ["RHSA-2011:1166", "RHSA-2011:1164"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1166"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2297-1:5713C", "DEBIAN:BSA-046:D9C0C", "DEBIAN:DSA-2295-1:07B34"]}, {"type": "centos", "idList": ["CESA-2011:1164"]}], "modified": "2019-02-21T01:21:53"}, "score": {"value": 9.9, "vector": "NONE", "modified": "2019-02-21T01:21:53"}, "vulnersScore": 9.9}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76020);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous\nmemory safety hazards (rv:4.0) Mozilla identified and fixed several\nmemory safety bugs in the browser engine used in SeaMonkey 2.2 and\nother Mozilla-based products. Some of these bugs showed evidence of\nmemory corruption under certain circumstances, and we presume that\nwith enough effort at least some of these could be exploited to run\narbitrary code.\n\nAral Yaman reported a WebGL crash which affected SeaMonkey 2.2.\n(CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected\nSeaMonkey 2.2. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected SeaMonkey 2.2. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts\ncan call script inside signed JAR\n\nRafael Gieschke reported that unsigned JavaScript could call into\nscript inside a signed JAR thereby inheriting the identity of the site\nthat signed the JAR as well as any permissions that a user had granted\nthe signed JAR. (CVE-2011-2993)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using\nWebGL shaders\n\nMichael Jordon of Context IS reported that an overly long shader\nprogram could cause a buffer overrun and crash in a string class used\nto store the shader source code. (CVE-2011-2988)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in\nANGLE library\n\nMichael Jordon of Context IS reported a potentially exploitable heap\noverflow in the ANGLE library used by Mozilla's WebGL implementation.\n(CVE-2011-2987)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Crash in\nSVGTextElement.getCharNumAtPosition()\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a SVG text manipulation routine contained a dangling\npointer vulnerability. (CVE-2011-0084)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Credential leakage\nusing Content Security Policy reports\n\nMike Cardwell reported that Content Security Policy violation reports\nfailed to strip out proxy authorization credentials from the list of\nrequest headers. Daniel Veditz reported that redirecting to a website\nwith Content Security Policy resulted in the incorrect resolution of\nhosts in the constructed policy. (CVE-2011-2990)\n\ndbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Cross-origin data\ntheft using canvas and Windows D2D\n\nnasalislarvatus3000 reported that when using Windows D2D hardware\nacceleration, image data from one domain could be inserted into a\ncanvas and read by a different domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "76020", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "scheme": null}

{"nessus": [{"lastseen": "2019-02-21T01:15:17", "bulletinFamily": "scanner", "description": "Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could call into a script inside a signed JAR. This could allow an attacker to execute arbitrary code with the identity and permissions of the signed JAR.\n(CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program could cause a buffer overrun. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE library used in Firefox's WebGL implementation. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. This could allow a malicious website to capture proxy authorization credentials. Daniel Veditz discovered that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. This could allow a malicious website to circumvent the Content Security Policy of another website. (CVE-2011-2990).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1192-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55898", "published": "2011-08-18T00:00:00", "title": "Ubuntu 11.04 : firefox vulnerabilities (USN-1192-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1192-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55898);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n script_xref(name:\"USN\", value:\"1192-1\");\n\n script_name(english:\"Ubuntu 11.04 : firefox vulnerabilities (USN-1192-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aral Yaman discovered a vulnerability in the WebGL engine. An attacker\ncould potentially use this to crash Firefox or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the JavaScript\nengine. An attacker could potentially use this to crash Firefox or\nexecute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in the Ogg\nreader. An attacker could potentially use this to crash Firefox or\nexecute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered\nmultiple memory vulnerabilities in the browser rendering engine. An\nattacker could use these to possibly execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could call into a\nscript inside a signed JAR. This could allow an attacker to execute\narbitrary code with the identity and permissions of the signed JAR.\n(CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program could\ncause a buffer overrun. An attacker could potentially use this to\ncrash Firefox or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE library used in\nFirefox's WebGL implementation. An attacker could potentially use this\nto crash Firefox or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine contained a\ndangling pointer vulnerability. An attacker could potentially use this\nto crash Firefox or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy violation\nreports failed to strip out proxy authorization credentials from the\nlist of request headers. This could allow a malicious website to\ncapture proxy authorization credentials. Daniel Veditz discovered that\nredirecting to a website with Content Security Policy resulted in the\nincorrect resolution of hosts in the constructed policy. This could\nallow a malicious website to circumvent the Content Security Policy of\nanother website. (CVE-2011-2990).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1192-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"6.0+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:32", "bulletinFamily": "scanner", "description": "USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this caused a regression in libvoikko which caused Firefox to crash while spell checking words with hyphens. This update corrects the issue. We apologize for the inconvenience.\n\nAral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could call into a script inside a signed JAR. This could allow an attacker to execute arbitrary code with the identity and permissions of the signed JAR. (CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program could cause a buffer overrun. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE library used in Firefox's WebGL implementation. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. This could allow a malicious website to capture proxy authorization credentials. Daniel Veditz discovered that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy.\nThis could allow a malicious website to circumvent the Content Security Policy of another website. (CVE-2011-2990).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1192-3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56562", "published": "2011-10-20T00:00:00", "title": "Ubuntu 11.04 : libvoikko regression (USN-1192-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1192-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56562);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2993\");\n script_bugtraq_id(49213, 49224, 49226, 49239, 49242, 49243, 49246, 49248);\n script_xref(name:\"USN\", value:\"1192-3\");\n\n script_name(english:\"Ubuntu 11.04 : libvoikko regression (USN-1192-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately,\nthis caused a regression in libvoikko which caused Firefox to crash\nwhile spell checking words with hyphens. This update corrects the\nissue. We apologize for the inconvenience.\n\nAral Yaman discovered a vulnerability in the WebGL engine. An attacker\ncould potentially use this to crash Firefox or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the\nJavaScript engine. An attacker could potentially use this to\ncrash Firefox or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in\nthe Ogg reader. An attacker could potentially use this to\ncrash Firefox or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl,\nMartijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt\ndiscovered multiple memory vulnerabilities in the browser\nrendering engine. An attacker could use these to possibly\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could\ncall into a script inside a signed JAR. This could allow an\nattacker to execute arbitrary code with the identity and\npermissions of the signed JAR. (CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program\ncould cause a buffer overrun. An attacker could potentially\nuse this to crash Firefox or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE\nlibrary used in Firefox's WebGL implementation. An attacker\ncould potentially use this to crash Firefox or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine\ncontained a dangling pointer vulnerability. An attacker\ncould potentially use this to crash Firefox or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy\nviolation reports failed to strip out proxy authorization\ncredentials from the list of request headers. This could\nallow a malicious website to capture proxy authorization\ncredentials. Daniel Veditz discovered that redirecting to a\nwebsite with Content Security Policy resulted in the\nincorrect resolution of hosts in the constructed policy.\nThis could allow a malicious website to circumvent the\nContent Security Policy of another website. (CVE-2011-2990).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1192-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvoikko1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvoikko1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libvoikko1\", pkgver:\"3.1-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvoikko1\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:17", "bulletinFamily": "scanner", "description": "USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6.\n\nAral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could call into a script inside a signed JAR. This could allow an attacker to execute arbitrary code with the identity and permissions of the signed JAR. (CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program could cause a buffer overrun. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE library used in Firefox's WebGL implementation. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. This could allow a malicious website to capture proxy authorization credentials. Daniel Veditz discovered that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy.\nThis could allow a malicious website to circumvent the Content Security Policy of another website. (CVE-2011-2990).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1192-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55899", "published": "2011-08-18T00:00:00", "title": "Ubuntu 11.04 : mozvoikko update (USN-1192-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1192-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55899);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2993\");\n script_xref(name:\"USN\", value:\"1192-2\");\n\n script_name(english:\"Ubuntu 11.04 : mozvoikko update (USN-1192-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1192-1 fixed vulnerabilities in Firefox. This update provides an\nupdated Mozvoikko for use with Firefox 6.\n\nAral Yaman discovered a vulnerability in the WebGL engine. An attacker\ncould potentially use this to crash Firefox or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the\nJavaScript engine. An attacker could potentially use this to\ncrash Firefox or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in\nthe Ogg reader. An attacker could potentially use this to\ncrash Firefox or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl,\nMartijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt\ndiscovered multiple memory vulnerabilities in the browser\nrendering engine. An attacker could use these to possibly\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could\ncall into a script inside a signed JAR. This could allow an\nattacker to execute arbitrary code with the identity and\npermissions of the signed JAR. (CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program\ncould cause a buffer overrun. An attacker could potentially\nuse this to crash Firefox or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE\nlibrary used in Firefox's WebGL implementation. An attacker\ncould potentially use this to crash Firefox or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine\ncontained a dangling pointer vulnerability. An attacker\ncould potentially use this to crash Firefox or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy\nviolation reports failed to strip out proxy authorization\ncredentials from the list of request headers. This could\nallow a malicious website to capture proxy authorization\ncredentials. Daniel Veditz discovered that redirecting to a\nwebsite with Content Security Policy resulted in the\nincorrect resolution of hosts in the constructed policy.\nThis could allow a malicious website to circumvent the\nContent Security Policy of another website. (CVE-2011-2990).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1192-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xul-ext-mozvoikko package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"xul-ext-mozvoikko\", pkgver:\"1.9.0~svn20101114r3591-0ubuntu3.11.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xul-ext-mozvoikko\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:17", "bulletinFamily": "scanner", "description": "The installed version of SeaMonkey is earlier than 2.3.0. Such versions are potentially affected by the following security issues :\n\n - An error in SVG text manipulation code creates a dangling pointer vulnerability. (CVE-2011-0084)\n\n - Multiple, unspecified memory safety issues exist.\n (CVE-2011-2985)\n\n - An error in the D2D hardware acceleration code can allow image data from one domain to be read by another domain.\n (CVE-2011-2986)\n\n - An error in the ANGLE library used by the WebGL implementation can allow heap overflows, possibly leading to code execution. (CVE-2011-2987)\n\n - An error in the shader program handling code can allow a large shader program to overflow a buffer and crash.\n (CVE-2011-2988)\n\n - An unspecified error exists related to WebGL. (CVE-2011-2989)\n\n - Two errors exist related to Content Security Policy and can lead to information disclosure. (CVE-2011-2990)\n\n - An unspecified error exists that can allow JavaScript crashes. (CVE-2011-2991)\n\n - An unspecified error exists that can allow the Ogg reader to crash. (CVE-2011-2992)\n\n - An unspecified error exists that can allow unsigned JavaScript to call into a signed JAR and inherit the signed JAR's permissions and identity. (CVE-2011-2993)\n\n - There is an error in the implementation of the 'window.location' JavaScript object when creating named frames. This can be exploited to bypass the same-origin policy and potentially conduct cross-site scripting attacks.(CVE-2011-2999)", "modified": "2018-07-27T00:00:00", "id": "SEAMONKEY_23.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55885", "published": "2011-08-17T00:00:00", "title": "SeaMonkey < 2.3.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55885);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2011-0084\",\n \"CVE-2011-2985\",\n \"CVE-2011-2986\",\n \"CVE-2011-2987\",\n \"CVE-2011-2988\",\n \"CVE-2011-2989\",\n \"CVE-2011-2990\",\n \"CVE-2011-2991\",\n \"CVE-2011-2992\",\n \"CVE-2011-2993\",\n \"CVE-2011-2999\"\n );\n script_bugtraq_id(\n 49213,\n 49224,\n 49226,\n 49227,\n 49239,\n 49242,\n 49243,\n 49245,\n 49246,\n 49248,\n 49848\n );\n\n script_name(english:\"SeaMonkey < 2.3.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of SeaMonkey is earlier than 2.3.0. Such\nversions are potentially affected by the following security issues :\n\n - An error in SVG text manipulation code creates a\n dangling pointer vulnerability. (CVE-2011-0084)\n\n - Multiple, unspecified memory safety issues exist.\n (CVE-2011-2985)\n\n - An error in the D2D hardware acceleration code can allow\n image data from one domain to be read by another domain.\n (CVE-2011-2986)\n\n - An error in the ANGLE library used by the WebGL\n implementation can allow heap overflows, possibly\n leading to code execution. (CVE-2011-2987)\n\n - An error in the shader program handling code can allow\n a large shader program to overflow a buffer and crash.\n (CVE-2011-2988)\n\n - An unspecified error exists related to WebGL. \n (CVE-2011-2989)\n\n - Two errors exist related to Content Security Policy\n and can lead to information disclosure. (CVE-2011-2990)\n\n - An unspecified error exists that can allow JavaScript\n crashes. (CVE-2011-2991)\n\n - An unspecified error exists that can allow the Ogg \n reader to crash. (CVE-2011-2992)\n\n - An unspecified error exists that can allow unsigned\n JavaScript to call into a signed JAR and inherit the\n signed JAR's permissions and identity. (CVE-2011-2993)\n\n - There is an error in the implementation of the\n 'window.location' JavaScript object when creating named\n frames. This can be exploited to bypass the same-origin\n policy and potentially conduct cross-site scripting\n attacks.(CVE-2011-2999)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.3.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.3.0', severity:SECURITY_HOLE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:17", "bulletinFamily": "scanner", "description": "The installed version of Firefox is earlier than 6.0 and thus, is potentially affected by the following security issues :\n\n - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084)\n\n - Several memory safety bugs exist in the browser engine that may permit remote code execution. (CVE-2011-2985, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992)\n\n - A cross-origin data theft vulnerability exists when using canvas and Windows D2D hardware acceleration.\n (CVE-2011-2986) \n\n - A heap overflow vulnerability exists in WebGL's ANGLE library. (CVE-2011-2987)\n\n - A buffer overflow vulnerability exists in WebGL when using an overly long shader program. (CVE-2011-2988)\n\n - Two errors exist related to Content Security Policy that can lead to information disclosure. (CVE-2011-2990)\n\n - An unspecified error exists that can allow unsigned JavaScript to call into a signed JAR and inherit the signed JAR's permissions and identity. (CVE-2011-2993)\n\n - There is an error in the implementation of the 'window.location' JavaScript object when creating named frames. This can be exploited to bypass the same-origin policy and potentially conduct cross-site scripting attacks.(CVE-2011-2999)", "modified": "2018-11-15T00:00:00", "id": "MOZILLA_FIREFOX_60.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55902", "published": "2011-08-18T00:00:00", "title": "Firefox < 6.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55902);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-0084\",\n \"CVE-2011-2985\",\n \"CVE-2011-2986\",\n \"CVE-2011-2987\",\n \"CVE-2011-2988\",\n \"CVE-2011-2989\",\n \"CVE-2011-2990\",\n \"CVE-2011-2991\",\n \"CVE-2011-2992\",\n \"CVE-2011-2993\",\n \"CVE-2011-2999\"\n );\n script_bugtraq_id(\n 49213,\n 49224,\n 49226,\n 49227,\n 49239,\n 49242,\n 49243,\n 49245,\n 49246,\n 49248,\n 49848\n );\n\n script_name(english:\"Firefox < 6.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 6.0 and thus, is\npotentially affected by the following security issues :\n\n - A dangling pointer vulnerability exists in an SVG text\n manipulation routine. (CVE-2011-0084)\n\n - Several memory safety bugs exist in the browser engine\n that may permit remote code execution. (CVE-2011-2985,\n CVE-2011-2989, CVE-2011-2991, CVE-2011-2992)\n\n - A cross-origin data theft vulnerability exists when\n using canvas and Windows D2D hardware acceleration.\n (CVE-2011-2986) \n\n - A heap overflow vulnerability exists in WebGL's ANGLE\n library. (CVE-2011-2987)\n\n - A buffer overflow vulnerability exists in WebGL when\n using an overly long shader program. (CVE-2011-2988)\n\n - Two errors exist related to Content Security Policy\n that can lead to information disclosure. (CVE-2011-2990)\n\n - An unspecified error exists that can allow unsigned\n JavaScript to call into a signed JAR and inherit the\n signed JAR's permissions and identity. (CVE-2011-2993)\n\n - There is an error in the implementation of the\n 'window.location' JavaScript object when creating named\n frames. This can be exploited to bypass the same-origin\n policy and potentially conduct cross-site scripting\n attacks.(CVE-2011-2999)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-270/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'6.0', skippat:'^3\\\\.6\\\\.', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:17", "bulletinFamily": "scanner", "description": "The installed version of Thunderbird is earlier than 6.0 and thus, is potentially affected by the following security issues :\n\n - Several memory safety bugs exist in the browser engine that may permit remote code execution. (CVE-2011-2985, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992)\n\n - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084)\n\n - A buffer overflow vulnerability exists in WebGL when using an overly long shader program. (CVE-2011-2988)\n\n - A heap overflow vulnerability exists in WebGL's ANGLE library. (CVE-2011-2987)\n\n - A cross-origin data theft vulnerability exists when using canvas and Windows D2D hardware acceleration.\n (CVE-2011-2986)\n\n - There is an error in the implementation of the 'window.location' JavaScript object when creating named frames. This can be exploited to bypass the same-origin policy and potentially conduct cross-site scripting attacks.(CVE-2011-2999)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_THUNDERBIRD_60.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55887", "published": "2011-08-17T00:00:00", "title": "Mozilla Thunderbird < 6.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55887);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2011-0084\",\n \"CVE-2011-2985\",\n \"CVE-2011-2986\",\n \"CVE-2011-2987\",\n \"CVE-2011-2988\",\n \"CVE-2011-2989\",\n \"CVE-2011-2991\",\n \"CVE-2011-2992\",\n \"CVE-2011-2999\"\n );\n script_bugtraq_id(\n 49213,\n 49224,\n 49226,\n 49227,\n 49239,\n 49242,\n 49243,\n 49245,\n 49848\n );\n\n script_name(english:\"Mozilla Thunderbird < 6.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that may be affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is earlier than 6.0 and thus, is\npotentially affected by the following security issues :\n\n - Several memory safety bugs exist in the browser engine\n that may permit remote code execution. (CVE-2011-2985, \n CVE-2011-2989, CVE-2011-2991, CVE-2011-2992)\n\n - A dangling pointer vulnerability exists in an SVG text\n manipulation routine. (CVE-2011-0084)\n\n - A buffer overflow vulnerability exists in WebGL when\n using an overly long shader program. (CVE-2011-2988)\n\n - A heap overflow vulnerability exists in WebGL's ANGLE\n library. (CVE-2011-2987)\n\n - A cross-origin data theft vulnerability exists when\n using canvas and Windows D2D hardware acceleration.\n (CVE-2011-2986)\n\n - There is an error in the implementation of the\n 'window.location' JavaScript object when creating named\n frames. This can be exploited to bypass the same-origin\n policy and potentially conduct cross-site scripting\n attacks.(CVE-2011-2999)\n\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 6.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'6.0', skippat:'^3\\\\.1\\\\.', severity:SECURITY_HOLE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:48", "bulletinFamily": "scanner", "description": "Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33\n\n - Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\n Aral Yaman reported a WebGL crash which affected SeaMonkey 2.2. (CVE-2011-2989)\n\n Vivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2.\n (CVE-2011-2992)\n\n Mozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985)\n\n - Unsigned scripts can call script inside signed JAR\n\n Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR.\n (CVE-2011-2993)\n\n - String crash using WebGL shaders\n\n Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988)\n\n - Heap overflow in ANGLE library\n\n Michael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation. (CVE-2011-2987)\n\n - Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084)\n\n - Credential leakage using Content Security Policy reports\n\n Mike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy.\n (CVE-2011-2990)\n\n - Cross-origin data theft using canvas and Windows D2D\n\n nasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "modified": "2018-11-20T00:00:00", "id": "SUSE_11_3_SEAMONKEY-110819.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75739", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-5024.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75739);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)\");\n script_summary(english:\"Check for the seamonkey-5024 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey suite was updated to version 2.3.\n\nThe update fixes bugs and security issues. Following security issues\nwere fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla\nFoundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation\nSecurity Advisory 2011-33\n\n - Miscellaneous memory safety hazards (rv:4.0) Mozilla\n identified and fixed several memory safety bugs in the\n browser engine used in SeaMonkey 2.2 and other\n Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Aral Yaman reported a WebGL crash which affected\n SeaMonkey 2.2. (CVE-2011-2989)\n\n Vivekanand Bolajwar reported a JavaScript crash which\n affected SeaMonkey 2.2. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman of Fox-IT reported a\n crash in the Ogg reader which affected SeaMonkey 2.2.\n (CVE-2011-2992)\n\n Mozilla developers and community members Robert Kaiser,\n Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong,\n Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob\n Clary and Jonathan Watt reported memory safety issues\n which affected SeaMonkey 2.2. (CVE-2011-2985)\n\n - Unsigned scripts can call script inside signed JAR\n\n Rafael Gieschke reported that unsigned JavaScript could\n call into script inside a signed JAR thereby inheriting\n the identity of the site that signed the JAR as well as\n any permissions that a user had granted the signed JAR.\n (CVE-2011-2993)\n\n - String crash using WebGL shaders\n\n Michael Jordon of Context IS reported that an overly\n long shader program could cause a buffer overrun and\n crash in a string class used to store the shader source\n code. (CVE-2011-2988)\n\n - Heap overflow in ANGLE library\n\n Michael Jordon of Context IS reported a potentially\n exploitable heap overflow in the ANGLE library used by\n Mozilla's WebGL implementation. (CVE-2011-2987)\n\n - Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a SVG text\n manipulation routine contained a dangling pointer\n vulnerability. (CVE-2011-0084)\n\n - Credential leakage using Content Security Policy reports\n\n Mike Cardwell reported that Content Security Policy\n violation reports failed to strip out proxy\n authorization credentials from the list of request\n headers. Daniel Veditz reported that redirecting to a\n website with Content Security Policy resulted in the\n incorrect resolution of hosts in the constructed policy.\n (CVE-2011-2990)\n\n - Cross-origin data theft using canvas and Windows D2D\n\n nasalislarvatus3000 reported that when using Windows D2D\n hardware acceleration, image data from one domain could\n be inserted into a canvas and read by a different\n domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.3-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.3-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:52", "bulletinFamily": "scanner", "description": "Mozilla Firefox was updated to version 6.\n\nIt brings new features, fixes bugs and security issues. Following security issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla Foundation Security Advisory 2011-29 (MFSA 2011-29)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Miscellaneous memory safety hazards: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected Firefox 4 and Firefox 5. (CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected Firefox 4 and Firefox 5. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected Firefox 4 and Firefox 5. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected Firefox 4 and Firefox 5. (CVE-2011-2985)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Unsigned scripts can call script inside signed JAR Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR.\n(CVE-2011-2993)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo String crash using WebGL shaders Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code.\n(CVE-2011-2988)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Heap overflow in ANGLE library Michael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation. (CVE-2011-2987)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability.\n(CVE-2011-0084)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Credential leakage using Content Security Policy reports Mike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990) dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Cross-origin data theft using canvas and Windows D2D nasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986)", "modified": "2018-11-20T00:00:00", "id": "SUSE_11_4_MOZILLAFIREFOX-110819.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75945", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0957-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-5020.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75945);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0957-2)\");\n script_summary(english:\"Check for the MozillaFirefox-5020 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 6.\n\nIt brings new features, fixes bugs and security issues. Following\nsecurity issues were fixed:\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla\nFoundation Security Advisory 2011-29 (MFSA 2011-29)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo\nMiscellaneous memory safety hazards: Mozilla identified and fixed\nseveral memory safety bugs in the browser engine used in Firefox 4,\nFirefox 5 and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be\nexploited to run arbitrary code.\n\nAral Yaman reported a WebGL crash which affected Firefox 4 and Firefox\n5. (CVE-2011-2989)\n\nVivekanand Bolajwar reported a JavaScript crash which affected Firefox\n4 and Firefox 5. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg\nreader which affected Firefox 4 and Firefox 5. (CVE-2011-2992)\n\nMozilla developers and community members Robert Kaiser, Jesse\nRuderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn\nWargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory\nsafety issues which affected Firefox 4 and Firefox 5. (CVE-2011-2985)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Unsigned\nscripts can call script inside signed JAR Rafael Gieschke reported\nthat unsigned JavaScript could call into script inside a signed JAR\nthereby inheriting the identity of the site that signed the JAR as\nwell as any permissions that a user had granted the signed JAR.\n(CVE-2011-2993)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo String\ncrash using WebGL shaders Michael Jordon of Context IS reported that\nan overly long shader program could cause a buffer overrun and crash\nin a string class used to store the shader source code.\n(CVE-2011-2988)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Heap\noverflow in ANGLE library Michael Jordon of Context IS reported a\npotentially exploitable heap overflow in the ANGLE library used by\nMozilla's WebGL implementation. (CVE-2011-2987)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Crash in\nSVGTextElement.getCharNumAtPosition() Security researcher regenrecht\nreported via TippingPoint's Zero Day Initiative that a SVG text\nmanipulation routine contained a dangling pointer vulnerability.\n(CVE-2011-0084)\n\ndbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo\nCredential leakage using Content Security Policy reports Mike Cardwell\nreported that Content Security Policy violation reports failed to\nstrip out proxy authorization credentials from the list of request\nheaders. Daniel Veditz reported that redirecting to a website with\nContent Security Policy resulted in the incorrect resolution of hosts\nin the constructed policy. (CVE-2011-2990) dbg114-MozillaFirefox-5020\nMozillaFirefox-5020 new_updateinfo Cross-origin data theft using\ncanvas and Windows D2D nasalislarvatus3000 reported that when using\nWindows D2D hardware acceleration, image data from one domain could be\ninserted into a canvas and read by a different domain. (CVE-2011-2986)\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00043.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-branding-upstream-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-buildsymbols-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debuginfo-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debugsource-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-devel-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-common-6.0-2.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-other-6.0-2.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-22T07:12:17", "bulletinFamily": "scanner", "description": "The Mozilla Project reports :\n\nMFSA 2011-29 Security issues addressed in Firefox 6\n\nMFSA 2011-28 Security issues addressed in Firefox 3.6.20", "modified": "2018-11-21T00:00:00", "published": "2011-08-17T00:00:00", "id": "FREEBSD_PKG_834591A9C82F11E0897D6C626DD55A41.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55878", "title": "FreeBSD : mozilla -- multiple vulnerabilities (834591a9-c82f-11e0-897d-6c626dd55a41)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55878);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2011-0084\", \"CVE-2011-2378\", \"CVE-2011-2980\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2993\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (834591a9-c82f-11e0-897d-6c626dd55a41)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2011-29 Security issues addressed in Firefox 6\n\nMFSA 2011-28 Security issues addressed in Firefox 3.6.20\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29/\"\n );\n # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/\"\n );\n # https://vuxml.freebsd.org/freebsd/834591a9-c82f-11e0-897d-6c626dd55a41.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78292791\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-772\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>3.6.*,1<3.6.20,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox>5.0.*,1<6.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<3.6.20,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<3.1.12\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<3.1.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:22", "bulletinFamily": "scanner", "description": "Changes in xulrunner :\n\n - update to 12.0 (bnc#758408)\n\n - rebased patches\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds\n\n - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running\n\n - gcc 4.7 fixes\n\n - mozilla-gcc47.patch\n\n - disabled crashreporter temporarily for Factory\n\nChanges in MozillaFirefox :\n\n - update to Firefox 12.0 (bnc#758408)\n\n - rebased patches\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds\n\n - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running\n\n - gcc 4.7 fixes\n\n - mozilla-gcc47.patch\n\n - disabled crashreporter temporarily for Factory\n\n - recommend libcanberra0 for proper sound notifications\n\nChanges in MozillaThunderbird :\n\n - update to Thunderbird 12.0 (bnc#758408)\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds\n\n - update Enigmail to 1.4.1\n\n - added mozilla-revert_621446.patch\n\n - added mozilla-libnotify.patch (bmo#737646)\n\n - added mailnew-showalert.patch (bmo#739146)\n\n - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7\n\n - disabled crashreporter temporarily for Factory (gcc 4.7 issue)\n\nChanges in seamonkey :\n\n - update to SeaMonkey 2.9 (bnc#758408)\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds\n\n - update to 2.9b4\n\n - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1\n\n - exclude broken gl locale from build\n\n - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch\n\n - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2012-254.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74612", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-254.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74612);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-3005\", \"CVE-2011-3062\", \"CVE-2011-3232\", \"CVE-2011-3651\", \"CVE-2011-3652\", \"CVE-2011-3654\", \"CVE-2011-3655\", \"CVE-2011-3658\", \"CVE-2011-3660\", \"CVE-2011-3661\", \"CVE-2011-3663\", \"CVE-2012-0445\", \"CVE-2012-0446\", \"CVE-2012-0447\", \"CVE-2012-0451\", \"CVE-2012-0452\", \"CVE-2012-0459\", \"CVE-2012-0460\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1)\");\n script_summary(english:\"Check for the openSUSE-2012-254 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in xulrunner :\n\n - update to 12.0 (bnc#758408)\n\n - rebased patches\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous\n memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free\n in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees\n causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS\n via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory\n corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475)\n WebGL.drawElements may read illegal video memory due to\n FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page\n load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6\n in Origin headers may bypass webserver access\n restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS\n through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL\n content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error\n in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP\n Redirections and remote content can be read by\n JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site\n identity spoofing when loading RSS and Atom feeds\n\n - added mozilla-libnotify.patch to allow fallback from\n libnotify to xul based events if no notification-daemon\n is running\n\n - gcc 4.7 fixes\n\n - mozilla-gcc47.patch\n\n - disabled crashreporter temporarily for Factory\n\nChanges in MozillaFirefox :\n\n - update to Firefox 12.0 (bnc#758408)\n\n - rebased patches\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous\n memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free\n in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees\n causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS\n via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory\n corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475)\n WebGL.drawElements may read illegal video memory due to\n FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page\n load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6\n in Origin headers may bypass webserver access\n restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS\n through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL\n content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error\n in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP\n Redirections and remote content can be read by\n JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site\n identity spoofing when loading RSS and Atom feeds\n\n - added mozilla-libnotify.patch to allow fallback from\n libnotify to xul based events if no notification-daemon\n is running\n\n - gcc 4.7 fixes\n\n - mozilla-gcc47.patch\n\n - disabled crashreporter temporarily for Factory\n\n - recommend libcanberra0 for proper sound notifications\n\nChanges in MozillaThunderbird :\n\n - update to Thunderbird 12.0 (bnc#758408)\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous\n memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free\n in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees\n causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS\n via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory\n corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475)\n WebGL.drawElements may read illegal video memory due to\n FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page\n load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6\n in Origin headers may bypass webserver access\n restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS\n through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL\n content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error\n in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP\n Redirections and remote content can be read by\n JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site\n identity spoofing when loading RSS and Atom feeds\n\n - update Enigmail to 1.4.1\n\n - added mozilla-revert_621446.patch\n\n - added mozilla-libnotify.patch (bmo#737646)\n\n - added mailnew-showalert.patch (bmo#739146)\n\n - added mozilla-gcc47.patch and mailnews-literals.patch to\n fix compilation issues with recent gcc 4.7\n\n - disabled crashreporter temporarily for Factory (gcc 4.7\n issue)\n\nChanges in seamonkey :\n\n - update to SeaMonkey 2.9 (bnc#758408)\n\n - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous\n memory safety hazards\n\n - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free\n in IDBKeyRange\n\n - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees\n causes heap corruption in gfxImageSurface\n\n - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS\n via multibyte content processing errors\n\n - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory\n corruption during font rendering using cairo-dwrite\n\n - MFSA 2012-26/CVE-2012-0473 (bmo#743475)\n WebGL.drawElements may read illegal video memory due to\n FindMaxUshortElement error\n\n - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page\n load short-circuit can lead to XSS\n\n - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6\n in Origin headers may bypass webserver access\n restrictions\n\n - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS\n through ISO-2022-KR/ISO-2022-CN decoding issues\n\n - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL\n content using textImage2D\n\n - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error\n in OpenType Sanitizer\n\n - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP\n Redirections and remote content can be read by\n JavaScript errors\n\n - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site\n identity spoofing when loading RSS and Atom feeds\n\n - update to 2.9b4\n\n - added mozilla-sle11.patch and add exceptions to be able\n to build for SLE11/11.1\n\n - exclude broken gl locale from build\n\n - fixed build on 11.2-x86_64 by adding\n mozilla-revert_621446.patch\n\n - added mozilla-gcc47.patch and mailnews-literals.patch to\n fix compilation issues with recent gcc 4.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=749440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=758408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-04/msg00066.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / MozillaThunderbird / seamonkey / etc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4|SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4 / 12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-branding-upstream-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-buildsymbols-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debuginfo-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debugsource-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-devel-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-common-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-other-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-buildsymbols-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debuginfo-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debugsource-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-common-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-other-12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-1.4.1+12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-debuginfo-1.4.1+12.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.4.1+12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.4.1+12.0-33.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.9-2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-12.0-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-12.0-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:10", "bulletinFamily": "unix", "description": "Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could call into a script inside a signed JAR. This could allow an attacker to execute arbitrary code with the identity and permissions of the signed JAR. (CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program could cause a buffer overrun. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE library used in Firefox\u2019s WebGL implementation. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. This could allow a malicious website to capture proxy authorization credentials. Daniel Veditz discovered that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. This could allow a malicious website to circumvent the Content Security Policy of another website. (CVE-2011-2990)", "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "USN-1192-1", "href": "https://usn.ubuntu.com/1192-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:49", "bulletinFamily": "unix", "description": "USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6.\n\nOriginal advisory details:\n\nAral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could call into a script inside a signed JAR. This could allow an attacker to execute arbitrary code with the identity and permissions of the signed JAR. (CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program could cause a buffer overrun. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE library used in Firefox\u2019s WebGL implementation. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. This could allow a malicious website to capture proxy authorization credentials. Daniel Veditz discovered that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. This could allow a malicious website to circumvent the Content Security Policy of another website. (CVE-2011-2990)", "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "USN-1192-2", "href": "https://usn.ubuntu.com/1192-2/", "title": "Mozvoikko update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:45", "bulletinFamily": "unix", "description": "USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this caused a regression in libvoikko which caused Firefox to crash while spell checking words with hyphens. This update corrects the issue. We apologize for the inconvenience.\n\nOriginal advisory details:\n\nAral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2989)\n\nVivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nBert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\nRobert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2985)\n\nRafael Gieschke discovered that unsigned JavaScript could call into a script inside a signed JAR. This could allow an attacker to execute arbitrary code with the identity and permissions of the signed JAR. (CVE-2011-2993)\n\nMichael Jordon discovered that an overly long shader program could cause a buffer overrun. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2988)\n\nMichael Jordon discovered a heap overflow in the ANGLE library used in Firefox\u2019s WebGL implementation. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2987)\n\nIt was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084)\n\nMike Cardwell discovered that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. This could allow a malicious website to capture proxy authorization credentials. Daniel Veditz discovered that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. This could allow a malicious website to circumvent the Content Security Policy of another website. (CVE-2011-2990)", "modified": "2011-10-19T00:00:00", "published": "2011-10-19T00:00:00", "id": "USN-1192-3", "href": "https://usn.ubuntu.com/1192-3/", "title": "Libvoikko regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:27:11", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1192-1", "modified": "2017-12-01T00:00:00", "published": "2011-08-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840724", "id": "OPENVAS:840724", "title": "Ubuntu Update for firefox USN-1192-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1192_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for firefox USN-1192-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Aral Yaman discovered a vulnerability in the WebGL engine. An attacker\n could potentially use this to crash Firefox or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2011-2989)\n\n Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An\n attacker could potentially use this to crash Firefox or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n \n Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg\n reader. An attacker could potentially use this to crash Firefox or execute\n arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2991)\n \n Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn\n Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple\n memory vulnerabilities in the browser rendering engine. An attacker could\n use these to possibly execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2011-2985)\n \n Rafael Gieschke discovered that unsigned JavaScript could call into a\n script inside a signed JAR. This could allow an attacker to execute\n arbitrary code with the identity and permissions of the signed JAR.\n (CVE-2011-2993)\n \n Michael Jordon discovered that an overly long shader program could cause a\n buffer overrun. An attacker could potentially use this to crash Firefox or\n execute arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2988)\n \n Michael Jordon discovered a heap overflow in the ANGLE library used in\n Firefox's WebGL implementation. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-2987)\n \n It was discovered that an SVG text manipulation routine contained a\n dangling pointer vulnerability. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-0084)\n \n Mike Cardwell discovered that Content Security Policy violation reports\n failed to strip out proxy authorization credentials from the list of\n request headers. This could allow a malicious website to capture proxy\n authorization credentials. Daniel Veditz discovered that redirecting to a\n website with Content Security Policy resulted in the incorrect resolution\n of hosts in the constructed policy. This could allow a malicious website to\n circumvent the Content Security Policy of another website. (CVE-2011-2990)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1192-1\";\ntag_affected = \"firefox on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1192-1/\");\n script_id(840724);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1192-1\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2985\", \"CVE-2011-2993\", \"CVE-2011-2988\", \"CVE-2011-2987\", \"CVE-2011-0084\", \"CVE-2011-2990\", \"CVE-2011-2992\");\n script_name(\"Ubuntu Update for firefox USN-1192-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"6.0+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:59", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1192-1", "modified": "2019-03-13T00:00:00", "published": "2011-08-19T00:00:00", "id": "OPENVAS:1361412562310840724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840724", "title": "Ubuntu Update for firefox USN-1192-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1192_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for firefox USN-1192-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1192-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840724\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1192-1\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2985\", \"CVE-2011-2993\", \"CVE-2011-2988\", \"CVE-2011-2987\", \"CVE-2011-0084\", \"CVE-2011-2990\", \"CVE-2011-2992\");\n script_name(\"Ubuntu Update for firefox USN-1192-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1192-1\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Aral Yaman discovered a vulnerability in the WebGL engine. An attacker\n could potentially use this to crash Firefox or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2011-2989)\n\n Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An\n attacker could potentially use this to crash Firefox or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg\n reader. An attacker could potentially use this to crash Firefox or execute\n arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2991)\n\n Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn\n Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple\n memory vulnerabilities in the browser rendering engine. An attacker could\n use these to possibly execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2011-2985)\n\n Rafael Gieschke discovered that unsigned JavaScript could call into a\n script inside a signed JAR. This could allow an attacker to execute\n arbitrary code with the identity and permissions of the signed JAR.\n (CVE-2011-2993)\n\n Michael Jordon discovered that an overly long shader program could cause a\n buffer overrun. An attacker could potentially use this to crash Firefox or\n execute arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2988)\n\n Michael Jordon discovered a heap overflow in the ANGLE library used in\n Firefox's WebGL implementation. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-2987)\n\n It was discovered that an SVG text manipulation routine contained a\n dangling pointer vulnerability. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-0084)\n\n Mike Cardwell discovered that Content Security Policy violation reports\n failed to strip out proxy authorization credentials from the list of\n request headers. This could allow a malicious website to capture proxy\n authorization credentials. Daniel Veditz discovered that redirecting to a\n website with Content Security Policy resulted in the incorrect resolution\n of hosts in the constructed policy. This could allow a malicious website to\n circumvent the Content Security Policy of another website. (CVE-2011-2990)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"6.0+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1192-3", "modified": "2019-03-13T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:1361412562310840777", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840777", "title": "Ubuntu Update for libvoikko USN-1192-3", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1192_3.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libvoikko USN-1192-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1192-3/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840777\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1192-3\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2985\", \"CVE-2011-2993\",\n \"CVE-2011-2988\", \"CVE-2011-2987\", \"CVE-2011-0084\", \"CVE-2011-2990\");\n script_name(\"Ubuntu Update for libvoikko USN-1192-3\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1192-3\");\n script_tag(name:\"affected\", value:\"libvoikko on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this\n caused a regression in libvoikko which caused Firefox to crash while spell\n checking words with hyphens. This update corrects the issue. We apologize\n for the inconvenience.\n\n Original advisory details:\n\n Aral Yaman discovered a vulnerability in the WebGL engine. An attacker\n could potentially use this to crash Firefox or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2011-2989)\n\n Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An\n attacker could potentially use this to crash Firefox or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg\n reader. An attacker could potentially use this to crash Firefox or execute\n arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2991)\n\n Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn\n Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple\n memory vulnerabilities in the browser rendering engine. An attacker could\n use these to possibly execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2011-2985)\n\n Rafael Gieschke discovered that unsigned JavaScript could call into a\n script inside a signed JAR. This could allow an attacker to execute\n arbitrary code with the identity and permissions of the signed JAR.\n (CVE-2011-2993)\n\n Michael Jordon discovered that an overly long shader program could cause a\n buffer overrun. An attacker could potentially use this to crash Firefox or\n execute arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2988)\n\n Michael Jordon discovered a heap overflow in the ANGLE library used in\n Firefox's WebGL implementation. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-2987)\n\n It was discovered that an SVG text manipulation routine contained a\n dangling pointer vulnerability. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-0084)\n\n Mike Cardwell discovered that Content Security Policy violation reports\n failed to strip out proxy authorization credentials from the list of\n request headers. This could allow a malicious website to capture proxy\n authorization credentials. Daniel Veditz discovered that redirecting to a\n website with Content Security ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvoikko1\", ver:\"3.1-1ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:25", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1192-3", "modified": "2017-12-01T00:00:00", "published": "2011-10-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840777", "id": "OPENVAS:840777", "title": "Ubuntu Update for libvoikko USN-1192-3", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1192_3.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libvoikko USN-1192-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this\n caused a regression in libvoikko which caused Firefox to crash while spell\n checking words with hyphens. This update corrects the issue. We apologize\n for the inconvenience.\n\n Original advisory details:\n \n Aral Yaman discovered a vulnerability in the WebGL engine. An attacker\n could potentially use this to crash Firefox or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2011-2989)\n \n Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An\n attacker could potentially use this to crash Firefox or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n \n Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg\n reader. An attacker could potentially use this to crash Firefox or execute\n arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2991)\n \n Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn\n Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple\n memory vulnerabilities in the browser rendering engine. An attacker could\n use these to possibly execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2011-2985)\n \n Rafael Gieschke discovered that unsigned JavaScript could call into a\n script inside a signed JAR. This could allow an attacker to execute\n arbitrary code with the identity and permissions of the signed JAR.\n (CVE-2011-2993)\n \n Michael Jordon discovered that an overly long shader program could cause a\n buffer overrun. An attacker could potentially use this to crash Firefox or\n execute arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2988)\n \n Michael Jordon discovered a heap overflow in the ANGLE library used in\n Firefox's WebGL implementation. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-2987)\n \n It was discovered that an SVG text manipulation routine contained a\n dangling pointer vulnerability. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-0084)\n \n Mike Cardwell discovered that Content Security Policy violation reports\n failed to strip out proxy authorization credentials from the list of\n request headers. This could allow a malicious website to capture proxy\n authorization credentials. Daniel Veditz discovered that redirecting to a\n website with Content Security ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1192-3\";\ntag_affected = \"libvoikko on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1192-3/\");\n script_id(840777);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1192-3\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2985\", \"CVE-2011-2993\",\n \"CVE-2011-2988\", \"CVE-2011-2987\", \"CVE-2011-0084\", \"CVE-2011-2990\");\n script_name(\"Ubuntu Update for libvoikko USN-1192-3\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvoikko1\", ver:\"3.1-1ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:53", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1192-2", "modified": "2019-03-13T00:00:00", "published": "2011-08-19T00:00:00", "id": "OPENVAS:1361412562310840723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840723", "title": "Ubuntu Update for mozvoikko USN-1192-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1192_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for mozvoikko USN-1192-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1192-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840723\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1192-2\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2985\", \"CVE-2011-2993\", \"CVE-2011-2988\", \"CVE-2011-2987\", \"CVE-2011-0084\", \"CVE-2011-2990\");\n script_name(\"Ubuntu Update for mozvoikko USN-1192-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1192-2\");\n script_tag(name:\"affected\", value:\"mozvoikko on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1192-1 fixed vulnerabilities in Firefox. This update provides an\n updated Mozvoikko for use with Firefox 6.\n\n Original advisory details:\n\n Aral Yaman discovered a vulnerability in the WebGL engine. An attacker\n could potentially use this to crash Firefox or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2011-2989)\n\n Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An\n attacker could potentially use this to crash Firefox or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg\n reader. An attacker could potentially use this to crash Firefox or execute\n arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2991)\n\n Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn\n Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple\n memory vulnerabilities in the browser rendering engine. An attacker could\n use these to possibly execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2011-2985)\n\n Rafael Gieschke discovered that unsigned JavaScript could call into a\n script inside a signed JAR. This could allow an attacker to execute\n arbitrary code with the identity and permissions of the signed JAR.\n (CVE-2011-2993)\n\n Michael Jordon discovered that an overly long shader program could cause a\n buffer overrun. An attacker could potentially use this to crash Firefox or\n execute arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2988)\n\n Michael Jordon discovered a heap overflow in the ANGLE library used in\n Firefox's WebGL implementation. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-2987)\n\n It was discovered that an SVG text manipulation routine contained a\n dangling pointer vulnerability. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-0084)\n\n Mike Cardwell discovered that Content Security Policy violation reports\n failed to strip out proxy authorization credentials from the list of\n request headers. This could allow a malicious website to capture proxy\n authorization credentials. Daniel Veditz discovered that redirecting to a\n website with Content Security Policy resulted in the incorrect resolution\n of hosts in the constructed policy. This could allow a malicious website to\n circumvent the Content Security Policy of another website. (CVE-2011-2990)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-mozvoikko\", ver:\"1.9.0~svn20101114r3591-0ubuntu3.11.04.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:41", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1192-2", "modified": "2017-12-01T00:00:00", "published": "2011-08-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840723", "id": "OPENVAS:840723", "title": "Ubuntu Update for mozvoikko USN-1192-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1192_2.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for mozvoikko USN-1192-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1192-1 fixed vulnerabilities in Firefox. This update provides an\n updated Mozvoikko for use with Firefox 6.\n\n Original advisory details:\n \n Aral Yaman discovered a vulnerability in the WebGL engine. An attacker\n could potentially use this to crash Firefox or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2011-2989)\n \n Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An\n attacker could potentially use this to crash Firefox or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2011-2991)\n \n Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg\n reader. An attacker could potentially use this to crash Firefox or execute\n arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2991)\n \n Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn\n Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple\n memory vulnerabilities in the browser rendering engine. An attacker could\n use these to possibly execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2011-2985)\n \n Rafael Gieschke discovered that unsigned JavaScript could call into a\n script inside a signed JAR. This could allow an attacker to execute\n arbitrary code with the identity and permissions of the signed JAR.\n (CVE-2011-2993)\n \n Michael Jordon discovered that an overly long shader program could cause a\n buffer overrun. An attacker could potentially use this to crash Firefox or\n execute arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2011-2988)\n \n Michael Jordon discovered a heap overflow in the ANGLE library used in\n Firefox's WebGL implementation. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-2987)\n \n It was discovered that an SVG text manipulation routine contained a\n dangling pointer vulnerability. An attacker could potentially use this to\n crash Firefox or execute arbitrary code with the privileges of the user\n invoking Firefox. (CVE-2011-0084)\n \n Mike Cardwell discovered that Content Security Policy violation reports\n failed to strip out proxy authorization credentials from the list of\n request headers. This could allow a malicious website to capture proxy\n authorization credentials. Daniel Veditz discovered that redirecting to a\n website with Content Security Policy resulted in the incorrect resolution\n of hosts in the constructed policy. This could allow a malicious website to\n circumvent the Content Security Policy of another website. (CVE-2011-2990)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1192-2\";\ntag_affected = \"mozvoikko on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1192-2/\");\n script_id(840723);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1192-2\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2985\", \"CVE-2011-2993\", \"CVE-2011-2988\", \"CVE-2011-2987\", \"CVE-2011-0084\", \"CVE-2011-2990\");\n script_name(\"Ubuntu Update for mozvoikko USN-1192-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-mozvoikko\", ver:\"1.9.0~svn20101114r3591-0ubuntu3.11.04.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:57", "bulletinFamily": "scanner", "description": "Check for the Version of mozvoikko", "modified": "2017-07-10T00:00:00", "published": "2011-08-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863436", "id": "OPENVAS:863436", "title": "Fedora Update for mozvoikko FEDORA-2011-11106", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2011-11106\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 15\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063900.html\");\n script_id(863436);\n script_version(\"$Revision: 6626 $\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2985\",\n \"CVE-2011-2988\", \"CVE-2011-2993\", \"CVE-2011-2987\", \"CVE-2011-0084\",\n \"CVE-2011-2990\", \"CVE-2011-2986\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-11106\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2011-11106\");\n\n script_summary(\"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.9.0~6.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:03", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-19T00:00:00", "id": "OPENVAS:1361412562310863443", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863443", "title": "Fedora Update for gnome-python2-extras FEDORA-2011-11106", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2011-11106\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063901.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863443\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2985\",\n \"CVE-2011-2988\", \"CVE-2011-2993\", \"CVE-2011-2987\", \"CVE-2011-0084\",\n \"CVE-2011-2990\", \"CVE-2011-2986\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-11106\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2011-11106\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnome-python2-extras'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"gnome-python2-extras on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~33.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:30", "bulletinFamily": "scanner", "description": "Check for the Version of gnome-python2-extras", "modified": "2017-07-10T00:00:00", "published": "2011-08-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863443", "id": "OPENVAS:863443", "title": "Fedora Update for gnome-python2-extras FEDORA-2011-11106", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2011-11106\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 15\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063901.html\");\n script_id(863443);\n script_version(\"$Revision: 6626 $\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2985\",\n \"CVE-2011-2988\", \"CVE-2011-2993\", \"CVE-2011-2987\", \"CVE-2011-0084\",\n \"CVE-2011-2990\", \"CVE-2011-2986\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-11106\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2011-11106\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~33.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-19T00:00:00", "id": "OPENVAS:1361412562310863424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863424", "title": "Fedora Update for xulrunner FEDORA-2011-11106", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2011-11106\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063897.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863424\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2011-2989\", \"CVE-2011-2991\", \"CVE-2011-2992\", \"CVE-2011-2985\",\n \"CVE-2011-2988\", \"CVE-2011-2993\", \"CVE-2011-2987\", \"CVE-2011-0084\",\n \"CVE-2011-2990\", \"CVE-2011-2986\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-11106\");\n script_name(\"Fedora Update for xulrunner FEDORA-2011-11106\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"xulrunner on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~6.0~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:31:56", "bulletinFamily": "unix", "description": "Mozilla Firefox was updated to version 6.\n\n It brings new features, fixes bugs and security issues.\n Following security issues were fixed:\n <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/2011/mfsa2011-29.ht\">http://www.mozilla.org/security/announce/2011/mfsa2011-29.ht</a>\n ml Mozilla Foundation Security Advisory 2011-29 (MFSA\n 2011-29)\n\n * Miscellaneous memory safety hazards: Mozilla identified\n and fixed several memory safety bugs in the browser\n engine used in Firefox 4, Firefox 5 and other\n Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Aral Yaman reported a WebGL crash which affected Firefox\n 4 and Firefox 5. (CVE-2011-2989)\n\n Vivekanand Bolajwar reported a JavaScript crash which\n affected Firefox 4 and Firefox 5. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman of Fox-IT reported a crash\n in the Ogg reader which affected Firefox 4 and Firefox 5.\n (CVE-2011-2992)\n\n Mozilla developers and community members Robert Kaiser,\n Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph\n Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and\n Jonathan Watt reported memory safety issues which affected\n Firefox 4 and Firefox 5. (CVE-2011-2985)\n\n\n * Unsigned scripts can call script inside signed JAR Rafael\n Gieschke reported that unsigned JavaScript could call\n into script inside a signed JAR thereby inheriting the\n identity of the site that signed the JAR as well as any\n permissions that a user had granted the signed JAR.\n (CVE-2011-2993)\n\n * String crash using WebGL shaders Michael Jordon of\n Context IS reported that an overly long shader program\n could cause a buffer overrun and crash in a string class\n used to store the shader source code. (CVE-2011-2988)\n\n * Heap overflow in ANGLE library Michael Jordon of Context\n IS reported a potentially exploitable heap overflow in\n the ANGLE library used by Mozilla's WebGL implementation.\n (CVE-2011-2987)\n\n * Crash in SVGTextElement.getCharNumAtPosition() Security\n researcher regenrecht reported via TippingPoint's Zero\n Day Initiative that a SVG text manipulation routine\n contained a dangling pointer vulnerability.\n (CVE-2011-0084)\n\n * Credential leakage using Content Security Policy reports\n Mike Cardwell reported that Content Security Policy\n violation reports failed to strip out proxy authorization\n credentials from the list of request headers. Daniel\n Veditz reported that redirecting to a website with\n Content Security Policy resulted in the incorrect\n resolution of hosts in the constructed policy.\n (CVE-2011-2990)\n * Cross-origin data theft using canvas and Windows D2D\n nasalislarvatus3000 reported that when using Windows D2D\n hardware acceleration, image data from one domain could\n be inserted into a canvas and read by a different domain.\n (CVE-2011-2986)\n\n", "modified": "2011-08-29T21:08:18", "published": "2011-08-29T21:08:18", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00026.html", "id": "OPENSUSE-SU-2011:0957-2", "title": "MozillaFirefox: Update to Firefox 6 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:15", "bulletinFamily": "unix", "description": "Mozilla Seamonkey suite was updated to version 2.3.\n\n The update fixes bugs and security issues. Following\n security issues were fixed:\n <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/2011/mfsa2011-33.ht\">http://www.mozilla.org/security/announce/2011/mfsa2011-33.ht</a>\n ml Mozilla Foundation Security Advisory 2011-33 (MFSA\n 2011-33) Mozilla Foundation Security Advisory 2011-33\n\n * Miscellaneous memory safety hazards (rv:4.0) Mozilla\n identified and fixed several memory safety bugs in the\n browser engine used in SeaMonkey 2.2 and other\n Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Aral Yaman reported a WebGL crash which affected\n SeaMonkey 2.2. (CVE-2011-2989)\n\n Vivekanand Bolajwar reported a JavaScript crash which\n affected SeaMonkey 2.2. (CVE-2011-2991)\n\n Bert Hubert and Theo Snelleman of Fox-IT reported a crash\n in the Ogg reader which affected SeaMonkey 2.2.\n (CVE-2011-2992)\n\n Mozilla developers and community members Robert Kaiser,\n Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph\n Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and\n Jonathan Watt reported memory safety issues which affected\n SeaMonkey 2.2. (CVE-2011-2985)\n\n * Unsigned scripts can call script inside signed JAR\n\n Rafael Gieschke reported that unsigned JavaScript could\n call into script inside a signed JAR thereby inheriting the\n identity of the site that signed the JAR as well as any\n permissions that a user had granted the signed JAR.\n (CVE-2011-2993)\n\n * String crash using WebGL shaders\n\n Michael Jordon of Context IS reported that an overly long\n shader program could cause a buffer overrun and crash in a\n string class used to store the shader source code.\n (CVE-2011-2988)\n\n * Heap overflow in ANGLE library\n\n Michael Jordon of Context IS reported a potentially\n exploitable heap overflow in the ANGLE library used by\n Mozilla's WebGL implementation. (CVE-2011-2987)\n\n * Crash in SVGTextElement.getCharNumAtPosition()\n\n Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that a SVG text\n manipulation routine contained a dangling pointer\n vulnerability. (CVE-2011-0084)\n\n * Credential leakage using Content Security Policy reports\n\n Mike Cardwell reported that Content Security Policy\n violation reports failed to strip out proxy authorization\n credentials from the list of request headers. Daniel Veditz\n reported that redirecting to a website with Content\n Security Policy resulted in the incorrect resolution of\n hosts in the constructed policy. (CVE-2011-2990)\n\n * Cross-origin data theft using canvas and Windows D2D\n\n nasalislarvatus3000 reported that when using Windows D2D\n hardware acceleration, image data from one domain could be\n inserted into a canvas and read by a different domain.\n (CVE-2011-2986)\n\n", "modified": "2011-08-26T20:08:16", "published": "2011-08-26T20:08:16", "id": "OPENSUSE-SU-2011:0957-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00020.html", "title": "seamonkey: Update to Mozilla Seamonkey 2.3 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:02:22", "bulletinFamily": "unix", "description": "Mozilla released a round of security updates.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2011-08-29T16:12:15", "published": "2011-08-29T16:12:15", "id": "SUSE-SA:2011:037", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html", "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2989", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2989", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2989", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2988", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2988", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2986", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2986", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2987", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2987", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2987", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2990", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2990", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2990", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2991", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2991", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2991", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2993", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2993", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2993", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2985", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2985", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2985", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2992", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2992", "published": "2011-08-18T18:55:00", "title": "CVE-2011-2992", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a \"dangling pointer.\"", "modified": "2017-09-19T01:31:00", "id": "CVE-2011-0084", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0084", "published": "2011-08-18T18:55:00", "title": "CVE-2011-0084", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:57", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2011-29 Security issues addressed in Firefox 6\nMFSA 2011-28 Security issues addressed in Firefox 3.6.20\n\n", "modified": "2011-08-16T00:00:00", "published": "2011-08-16T00:00:00", "id": "834591A9-C82F-11E0-897D-6C626DD55A41", "href": "https://vuxml.freebsd.org/freebsd/834591a9-c82f-11e0-897d-6c626dd55a41.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "Multiple memory corruptions, crossite access, information leak, restriction bypass.", "modified": "2011-08-19T00:00:00", "published": "2011-08-19T00:00:00", "id": "SECURITYVULNS:VULN:11874", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11874", "title": "Mozilla Fireox / Seamonkey / Thunderbird multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-270\r\n\r\nAugust 17, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0084\r\n\r\n-- CVSS:\r\n7.5, &#40;AV:N/AC:L/Au:N/C:P/I:P/A:P&#41;\r\n\r\n-- Affected Vendors:\r\nMozilla\r\n\r\n-- Affected Products:\r\nMozilla Firefox\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11213. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Mozilla Firefox. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the code responsible for parsing SVG\r\ntext containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition&#40;&#41;\r\ndoes not account for user defined getter methods modifying or destroying\r\nthe parent object. An attacker can abuse this flaw to create a dangling\r\npointer which is referenced during the traversal of the SVG container\r\nhierarchy. This can be leveraged to execute arbitrary code within the\r\ncontext of the browser.\r\n\r\n-- Vendor Response:\r\nMozilla has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-30.html#cve-2011-0084\r\n\r\n-- Disclosure Timeline:\r\n2011-04-04 - Vulnerability reported to vendor\r\n2011-08-17 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * regenrecht\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n http://twitter.com/thezdi", "modified": "2011-08-18T00:00:00", "published": "2011-08-18T00:00:00", "id": "SECURITYVULNS:DOC:26883", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26883", "title": "ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:00:35", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 49166\r\nCVE ID: CVE-2011-0084,CVE-2011-2978,CVE-2011-2980,CVE-2011-2981,CVE-2011-2982,CVE-2011-2983,CVE-2011-2984,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2990,CVE-2011-2991,CVE-2011-2992,CVE-2011-2993\r\n\r\nFirefox\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002Thunderbird\u662f\u4e00\u4e2a\u90ae\u4ef6\u5ba2\u6237\u7aef\uff0c\u652f\u6301IMAP\u3001POP\u90ae\u4ef6\u534f\u8bae\u4ee5\u53caHTML\u90ae\u4ef6\u683c\u5f0f\u3002SeaMonkey\u662f\u5f00\u6e90\u7684Web\u6d4f\u89c8\u5668\u3001\u90ae\u4ef6\u548c\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3001IRC\u4f1a\u8bdd\u5ba2\u6237\u7aef\u548cHTML\u7f16\u8f91\u5668\u3002\r\n\r\nMozilla Firefox/Thunderbird/SeaMonkey\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u4f7f\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\n\nMozilla Thunderbird 3.x\r\nMozilla Thunderbird 2.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\nMozilla\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08mfsa2011-29\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nmfsa2011-29\uff1aMozilla Foundation Security Advisory 2011-29\r\n\r\n\u94fe\u63a5\uff1ahttp://www.mozilla.org/security/announce/2011/mfsa2011-29.html", "modified": "2011-08-18T00:00:00", "published": "2011-08-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20867", "id": "SSV:20867", "title": "Mozilla Firefox/Thunderbird/SeaMonkey\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "zdi": [{"lastseen": "2016-11-09T00:17:52", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the code responsible for parsing SVG text containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition() does not account for user defined getter methods modifying or destroying the parent object. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.", "modified": "2011-11-09T00:00:00", "published": "2011-08-17T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-270", "id": "ZDI-11-270", "title": "Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content.\nMalicious HTML content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-2982)\n\nA dangling pointer flaw was found in the Thunderbird Scalable Vector\nGraphics (SVG) text manipulation routine. An HTML mail message containing a\nmalicious SVG image could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Thunderbird handled a certain\nDocument Object Model (DOM) element. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-2378)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2018-06-06T20:24:33", "published": "2011-08-16T04:00:00", "id": "RHSA-2011:1166", "href": "https://access.redhat.com/errata/RHSA-2011:1166", "type": "redhat", "title": "(RHSA-2011:1166) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:09", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n(SVG) text manipulation routine. A web page containing a malicious SVG\nimage could cause Firefox to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A web\npage containing malicious JavaScript could cause Firefox to access already\nfreed memory, causing Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code with\nthe privileges of the user running Firefox if the user dropped a tab onto\nthe malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.20. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.20, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:15", "published": "2011-08-16T04:00:00", "id": "RHSA-2011:1164", "href": "https://access.redhat.com/errata/RHSA-2011:1164", "type": "redhat", "title": "(RHSA-2011:1164) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "unix", "description": "[3.1.12-1.0.1.el6_1]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.12-1]\n- Update to 3.1.12", "modified": "2011-08-16T00:00:00", "published": "2011-08-16T00:00:00", "id": "ELSA-2011-1166", "href": "http://linux.oracle.com/errata/ELSA-2011-1166.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2295-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 17, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 \n CVE-2011-2983 CVE-2011-2984 \n\nSeveral vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:\n\nCVE-2011-0084\n\n &quot;regenrecht&quot; discovered that incorrect pointer handling in the SVG \n processing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\n &quot;regenrecht&quot; discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\n &quot;moz_bug_r_a_4&quot; discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\nCVE-2011-2982\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\n &quot;shutdown&quot; discovered an information leak in the handling of\n RegExp.input.\n\nCVE-2011-2984\n\n &quot;moz_bug_r_a4&quot; discovered a Chrome privilege escalation\n vulnerability.\n\nThe oldstable distribution (lenny) is not affected. The iceape\npackage only provides the XPCOM code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-5.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "modified": "2011-08-17T17:54:12", "published": "2011-08-17T17:54:12", "id": "DEBIAN:DSA-2295-1:07B34", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00169.html", "title": "[SECURITY] [DSA 2295-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:04", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2297-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 21, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 \n CVE-2011-2983 CVE-2011-2984 \n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0084\n\n &quot;regenrecht&quot; discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\n &quot;regenrecht&quot; discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\n &quot;moz_bug_r_a_4&quot; discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\nCVE-2011-2982\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\n &quot;shutdown&quot; discovered an information leak in the handling of\n RegExp.input.\n\nCVE-2011-2984\n\n &quot;moz_bug_r_a4&quot; discovered a Chrome privilege escalation vulnerability.\n\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.12-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-08-21T19:15:08", "published": "2011-08-21T19:15:08", "id": "DEBIAN:DSA-2297-1:5713C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00171.html", "title": "[SECURITY] [DSA 2297-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:31", "bulletinFamily": "unix", "description": "Christoph G\u00f6hre uploaded new packages for icedove which fixed the following\nsecurity problems:\n\nCVE-2011-0084\n\n &quot;regenrecht&quot; discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.\n\nCVE-2011-2378\n\n &quot;regenrecht&quot; discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.\n\nCVE-2011-2981\n\n &quot;moz_bug_r_a_4&quot; discovered a Chrome privilege escalation\n vulnerability in the event handler code.\n\nCVE-2011-2982\n\n Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.\n\nCVE-2011-2983\n\n &quot;shutdown&quot; discovered an information leak in the handling of\n RegExp.input.\n\nCVE-2011-2984\n\n &quot;moz_bug_r_a4&quot; discovered a Chrome privilege escalation vulnerability.\n\n\nFor the squeeze-backports distribution, this problem have been fixed in\nversion 3.1.12-1~bpo60+1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.12-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.12-1.\n", "modified": "2011-09-01T07:06:17", "published": "2011-09-01T07:06:17", "id": "DEBIAN:BSA-046:D9C0C", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201109/msg00000.html", "title": "[BSA-046] Security Update for icedove", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:1164\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-2982)\n\nA dangling pointer flaw was found in the Firefox Scalable Vector Graphics\n(SVG) text manipulation routine. A web page containing a malicious SVG\nimage could cause Firefox to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Firefox. (CVE-2011-0084)\n\nA dangling pointer flaw was found in the way Firefox handled a certain\nDocument Object Model (DOM) element. A web page containing malicious\ncontent could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2378)\n\nA flaw was found in the event management code in Firefox. A website\ncontaining malicious JavaScript could cause Firefox to execute that\nJavaScript with the privileges of the user running Firefox. (CVE-2011-2981)\n\nA flaw was found in the way Firefox handled malformed JavaScript. A web\npage containing malicious JavaScript could cause Firefox to access already\nfreed memory, causing Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2011-2983)\n\nIt was found that a malicious web page could execute arbitrary code with\nthe privileges of the user running Firefox if the user dropped a tab onto\nthe malicious web page. (CVE-2011-2984)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.20. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.20, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/017698.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/017699.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017821.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017822.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/018054.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/018055.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000196.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000197.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000222.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000223.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1164.html", "modified": "2011-09-22T06:01:30", "published": "2011-08-16T19:27:06", "href": "http://lists.centos.org/pipermail/centos-announce/2011-August/017698.html", "id": "CESA-2011:1164", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}