ID: SUSE_11_MOZILLA-XULRUNNER191-101118.NASL
Type: nessus
Reporter: This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
Modified: 2010-12-02T00:00:00
Description
This update brings the Mozilla XULRunner engine to version 1.9.1.15,
fixing various bugs and security issues.

The following security issues were fixed :

- Mozilla developers identified and fixed several memory
  safety bugs in the browser engine used in Firefox and
  other Mozilla-based products. Some of these bugs showed
  evidence of memory corruption under certain
  circumstances, and we presume that with enough effort at
  least some of these could be exploited to run arbitrary
  code. References. (MFSA 2010-64)

  Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor
  Bukanov and Josh Soref reported memory safety problems
  that affected Firefox 3.6 and Firefox 3.5.

- Memory safety bugs - Firefox 3.6, Firefox 3.5

- Gary Kwong, Martijn Wargers and Siddharth Agarwal
  reported memory safety problems that affected Firefox
  3.6 only. (CVE-2010-3176)

- Memory safety bugs - Firefox 3.6

- CVE-2010-3175

- Security researcher Alexander Miller reported that
  passing an excessively long string to document.write
  could cause text rendering routines to end up in an
  inconsistent state with sections of stack memory being
  overwritten with the string data. An attacker could use
  this flaw to crash a victim's browser and potentially
  run arbitrary code on their computer. (MFSA 2010-65 /
  CVE-2010-3179)

- Security researcher Sergey Glazunov reported that it was
  possible to access the locationbar property of a window
  object after it had been closed. Since the closed
  window's memory could have been subsequently reused by
  the system it was possible that an attempt to access the
  locationbar property could result in the execution of
  attacker-controlled memory. (MFSA 2010-66 /
  CVE-2010-3180)

- Security researcher regenrecht reported via
  TippingPoint's Zero Day Initiative that when
  window.__lookupGetter__ is called with no arguments the
  code assumes the top JavaScript stack value is a
  property name. Since there were no arguments passed into
  the function, the top value could represent
  uninitialized memory or a pointer to a previously freed
  JavaScript object. Under such circumstances the value is
  passed to another subroutine which calls through the
  dangling pointer, potentially executing
  attacker-controlled memory. (MFSA 2010-67 /
  CVE-2010-3183)

- Google security researcher Robert Swiecki reported that
  functions used by the Gopher parser to convert text to
  HTML tags could be exploited to turn text into
  executable JavaScript. If an attacker could create a
  file or directory on a Gopher server with the encoded
  script as part of its name the script would then run in
  a victim's browser within the context of the site. (MFSA
  2010-68 / CVE-2010-3177)

- Security researcher Eduardo Vela Nava reported that if a
  web page opened a new window and used a javascript: URL
  to make a modal call, such as alert(), then subsequently
  navigated the page to a different domain, once the modal
  call returned the opener of the window could get access
  to objects in the navigated window. This is a violation
  of the same-origin policy and could be used by an
  attacker to steal information from another web site.
  (MFSA 2010-69 / CVE-2010-3178)

- Security researcher Richard Moore reported that when an
  SSL certificate was created with a common name
  containing a wildcard followed by a partial IP address a
  valid SSL connection could be established with a server
  whose IP address matched the wildcard range by browsing
  directly to the IP address. It is extremely unlikely
  that such a certificate would be issued by a Certificate
  Authority. (MFSA 2010-70 / CVE-2010-3170)

- Dmitri Gribenko reported that the script used to launch
  Mozilla applications on Linux was effectively including
  the current working directory in the LD_LIBRARY_PATH
  environment variable. If an attacker was able to place
  into the current working directory a malicious shared
  library with the same name as a library that the
  bootstrapping script depends on the attacker could have
  their library loaded instead of the legitimate library.
  (MFSA 2010-71 / CVE-2010-3182)

- Morten Kråkvik of Telenor SOC reported an
  exploit targeting particular versions of Firefox 3.6 on
  Windows XP that Telenor found while investigating an
  intrusion attempt on a customer network. The underlying
  vulnerability, however, was present on both the Firefox
  3.5 and Firefox 3.6 development branches and affected
  all supported platforms. (MFSA 2010-73 / CVE-2010-3765)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(50952);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-3170", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765");
script_name(english:"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update brings the Mozilla XULRunner engine to version 1.9.1.15,
fixing various bugs and security issues.
The following security issues were fixed :
- Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor
Bukanov and Josh Soref reported memory safety problems
that affected Firefox 3.6 and Firefox 3.5.
- Memory safety bugs - Firefox 3.6, Firefox 3.5
- Gary Kwong, Martijn Wargers and Siddharth Agarwal
reported memory safety problems that affected Firefox
3.6 only. (CVE-2010-3176)
- Memory safety bugs - Firefox 3.6
- CVE-2010-3175
- Security researcher Alexander Miller reported that
passing an excessively long string to document.write
could cause text rendering routines to end up in an
inconsistent state with sections of stack memory being
overwritten with the string data. An attacker could use
this flaw to crash a victim's browser and potentially
run arbitrary code on their computer. (MFSA 2010-65 /
CVE-2010-3179)
- Security researcher Sergey Glazunov reported that it was
possible to access the locationbar property of a window
object after it had been closed. Since the closed
window's memory could have been subsequently reused by
the system it was possible that an attempt to access the
locationbar property could result in the execution of
attacker-controlled memory. (MFSA 2010-66 /
CVE-2010-3180)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that when
window.__lookupGetter__ is called with no arguments the
code assumes the top JavaScript stack value is a
property name. Since there were no arguments passed into
the function, the top value could represent
uninitialized memory or a pointer to a previously freed
JavaScript object. Under such circumstances the value is
passed to another subroutine which calls through the
dangling pointer, potentially executing
attacker-controlled memory. (MFSA 2010-67 /
CVE-2010-3183)
- Google security researcher Robert Swiecki reported that
functions used by the Gopher parser to convert text to
HTML tags could be exploited to turn text into
executable JavaScript. If an attacker could create a
file or directory on a Gopher server with the encoded
script as part of its name the script would then run in
a victim's browser within the context of the site. (MFSA
2010-68 / CVE-2010-3177)
- Security researcher Eduardo Vela Nava reported that if a
web page opened a new window and used a javascript: URL
to make a modal call, such as alert(), then subsequently
navigated the page to a different domain, once the modal
call returned the opener of the window could get access
to objects in the navigated window. This is a violation
of the same-origin policy and could be used by an
attacker to steal information from another web site.
(MFSA 2010-69 / CVE-2010-3178)
- Security researcher Richard Moore reported that when an
SSL certificate was created with a common name
containing a wildcard followed by a partial IP address a
valid SSL connection could be established with a server
whose IP address matched the wildcard range by browsing
directly to the IP address. It is extremely unlikely
that such a certificate would be issued by a Certificate
Authority. (MFSA 2010-70 / CVE-2010-3170)
- Dmitri Gribenko reported that the script used to launch
Mozilla applications on Linux was effectively including
the current working directory in the LD_LIBRARY_PATH
environment variable. If an attacker was able to place
into the current working directory a malicious shared
library with the same name as a library that the
bootstrapping script depends on the attacker could have
their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)
- Morten Kråkvik of Telenor SOC reported an
exploit targeting particular versions of Firefox 3.6 on
Windows XP that Telenor found while investigating an
intrusion attempt on a customer network. The underlying
vulnerability, however, was present on both the Firefox
3.5 and Firefox 3.6 development branches and affected
all supported platforms. (MFSA 2010-73 / CVE-2010-3765)"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=653606"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3170.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3175.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3176.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3177.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3178.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3179.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3180.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3182.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3183.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3765.html"
);
script_set_attribute(
attribute:"solution",
value:"Apply SAT patch number 3557 / 3558 as appropriate."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
\"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "50952", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", 
"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "scheme": null, "immutableFields": []}
{"nessus": [{"lastseen": "2021-01-12T10:08:19", "description": "Update to new upstream Firefox version 3.6.12, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox36.html#firefox3.6.11\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox36.html#firefox3.6.12\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-10-29T00:00:00", "title": "Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-10-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16897.NASL", "href": "https://www.tenable.com/plugins/nessus/50403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16897.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50403);\n script_version(\"1.21\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"FEDORA\", value:\"2010-16897\");\n\n script_name(english:\"Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.6.12, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox36.html#firefox3.6.11\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox36.html#firefox3.6.12\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebdf7518\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a7474ff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646997\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050074.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e5101ce\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050075.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d414eb29\"\n );\n # 
https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050076.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2308b45\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6343bde\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b69c90e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f9a0937\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050080.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d35dfe9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"firefox-3.6.12-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"galeon-2.0.7-35.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-python2-extras-2.25.3-25.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-web-photo-0.9-15.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"mozvoikko-1.0-16.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc14.21\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"xulrunner-1.9.2.12-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:12", "description": "A race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. 
(CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12.\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101110_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60889);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. 
(CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12.\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=5908\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1df11feb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.12-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.12-1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:19", "description": "Update to new upstream Firefox version 3.5.15, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox35.html#firefox3.5.14\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox35.html#firefox3.5.15\n\nUpdate also includes packages depending on gecko-libs rebuilt against\nnew version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security 
advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-11-01T00:00:00", "title": "Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-11-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16885.NASL", "href": "https://www.tenable.com/plugins/nessus/50422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16885.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50422);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"FEDORA\", value:\"2010-16885\");\n\n script_name(english:\"Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.5.15, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox35.html#firefox3.5.14\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox35.html#firefox3.5.15\n\nUpdate also includes packages depending on gecko-libs rebuilt against\nnew version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e2e67ea\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c331941d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646997\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b38de3df\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f01fc443\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050155.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?413f0147\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5084c6e0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd4f6a09\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e237b4ed\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b4c5e7c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"firefox-3.5.15-1.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"galeon-2.0.7-27.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-python2-extras-2.25.3-22.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-web-photo-0.9-11.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"mozvoikko-1.0-14.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc12.17\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"xulrunner-1.9.1.15-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / 
galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:29", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' 
character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12. You can find links\nto the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.12, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 31, "published": "2010-11-18T00:00:00", "title": "RHEL 6 : firefox (RHSA-2010:0861)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-11-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0861.NASL", "href": "https://www.tenable.com/plugins/nessus/50633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0861. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50633);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"RHSA\", value:\"2010:0861\");\n\n script_name(english:\"RHEL 6 : firefox (RHSA-2010:0861)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. 
(CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12. You can find links\nto the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.12, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3765\"\n );\n # http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2327ede6\"\n );\n # http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1e7b47d\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0861\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0861\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n 
if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.12-1.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:09:22", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. 
(CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.lookupGetter is called with no arguments the code\n assumes the top JavaScript stack value is a property\n name. Since there were no arguments passed into the\n function, the top value could represent uninitialized\n memory or a pointer to a previously freed JavaScript\n object. Under such circumstances the value is passed to\n another subroutine which calls through the dangling\n pointer, potentially executing attacker-controlled\n memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. 
(MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Krokvik of Telenor SOC reported an exploit\n targeting particular versions of Firefox 3.6 on Windows\n XP that Telenor found while investigating an intrusion\n attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. 
(MFSA 2010-73 / CVE-2010-3765)", "edition": 24, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit"], "id": "SUSE_11_MOZILLAFIREFOX-101103.NASL", "href": "https://www.tenable.com/plugins/nessus/50876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50876);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. 
(CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.lookupGetter is called with no arguments the code\n assumes the top JavaScript stack value is a property\n name. Since there were no arguments passed into the\n function, the top value could represent uninitialized\n memory or a pointer to a previously freed JavaScript\n object. Under such circumstances the value is passed to\n another subroutine which calls through the dangling\n pointer, potentially executing attacker-controlled\n memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. 
(MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Krokvik of Telenor SOC reported an exploit\n targeting particular versions of Firefox 3.6 on Windows\n XP that Telenor found while investigating an intrusion\n attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. 
(MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3455 / 3456 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", 
reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:06:44", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. 
References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. 
If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. 
The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_3_MOZILLAFIREFOX-101029.NASL", "href": "https://www.tenable.com/plugins/nessus/75648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-3422.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(75648);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)\");\n script_summary(english:\"Check for the MozillaFirefox-3422 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. 
References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. 
If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. 
The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 
\"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-branding-upstream-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-common-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-other-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-js192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-devel-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", 
reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:54", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. 
References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. 
If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. 
The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.", "edition": 24, "published": "2010-11-03T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-11-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_1_MOZILLAFIREFOX-101028.NASL", "href": "https://www.tenable.com/plugins/nessus/50460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-3422.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(50460);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)\");\n script_summary(english:\"Check for the MozillaFirefox-3422 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. 
References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. 
If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. 
The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 
\"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-branding-upstream-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-common-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-other-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-js192-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-devel-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", 
reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:18", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. 
References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. 
If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. 
The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.", "edition": 24, "published": "2010-11-03T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-11-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_2_MOZILLAFIREFOX-101028.NASL", "href": "https://www.tenable.com/plugins/nessus/50464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-3422.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(50464);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)\");\n script_summary(english:\"Check for the MozillaFirefox-3422 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. 
References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. 
If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. 
The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 
\"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-branding-upstream-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-common-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaFirefox-translations-other-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-js192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-devel-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", 
reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:16", "description": "A race condition flaw was found in the way Thunderbird handled\nDocument Object Model (DOM) element properties. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-3175,\nCVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Thunderbird, if that user ran Thunderbird\nfrom within an attacker-controlled directory. 
(CVE-2010-3182)\n\nAll running instances of Thunderbird must be restarted for the update\nto take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101117_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60905);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw was found in the way Thunderbird handled\nDocument Object Model (DOM) element properties. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. 
An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-3175,\nCVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Thunderbird, if that user ran Thunderbird\nfrom within an attacker-controlled directory. (CVE-2010-3182)\n\nAll running instances of Thunderbird must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=6154\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ed498fa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:34", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled\nDocument Object Model (DOM) element properties. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-3175,\nCVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Thunderbird, if that user ran Thunderbird\nfrom within an attacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. 
All running instances of Thunderbird must be\nrestarted for the update to take effect.", "edition": 30, "published": "2010-11-18T00:00:00", "title": "RHEL 6 : thunderbird (RHSA-2010:0896)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-11-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0896.NASL", "href": "https://www.tenable.com/plugins/nessus/50648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0896. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50648);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44425);\n script_xref(name:\"RHSA\", value:\"2010:0896\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2010:0896)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this 
update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled\nDocument Object Model (DOM) element properties. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-3175,\nCVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Thunderbird, if that user ran Thunderbird\nfrom within an attacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. 
All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0896\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n 
script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0896\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:09", 
"bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document Object\nModel (DOM) element properties. Malicious HTML content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim had loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11 and 3.6.12. 
You can find links to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.12, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:18", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0861", "href": "https://access.redhat.com/errata/RHSA-2010:0861", "type": "redhat", "title": "(RHSA-2010:0861) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:14", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document\nObject Model (DOM) element properties. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. 
The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2018-06-06T20:24:28", "published": "2010-11-17T05:00:00", "id": "RHSA-2010:0896", "href": "https://access.redhat.com/errata/RHSA-2010:0896", "type": "redhat", "title": "(RHSA-2010:0896) Moderate: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3170", "CVE-2010-3173", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. 
An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. 
After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2017-09-08T12:08:55", "published": "2010-10-19T04:00:00", "id": "RHSA-2010:0782", "href": "https://access.redhat.com/errata/RHSA-2010:0782", "type": "redhat", "title": "(RHSA-2010:0782) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-21T11:32:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of mozvoikko", "modified": "2017-12-20T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:862531", "href": "http://plugins.openvas.org/nasl.php?oid=862531", "type": "openvas", "title": "Fedora Update for mozvoikko FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 12\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html\");\n script_id(862531);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.0~14.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of xulrunner", "modified": "2017-12-22T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862651", "href": "http://plugins.openvas.org/nasl.php?oid=862651", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2010-16897", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 14\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html\");\n script_id(862651);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of gnome-web-photo", "modified": "2017-12-13T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862581", "href": "http://plugins.openvas.org/nasl.php?oid=862581", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2010-16897", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 14\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050080.html\");\n script_id(862581);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-web-photo FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.9~15.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of perl-Gtk2-MozEmbed", "modified": "2017-12-20T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310862503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862503", "type": "openvas", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 12\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050157.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862503\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.08~6.fc12.17\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:53:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of gnome-python2-extras", "modified": "2017-12-22T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:862512", "href": "http://plugins.openvas.org/nasl.php?oid=862512", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 12\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050155.html\");\n script_id(862512);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~22.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of gnome-python2-extras", "modified": "2018-01-22T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310862512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862512", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 12\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050155.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862512\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~22.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of mozvoikko", "modified": "2018-01-17T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310862531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862531", "type": "openvas", "title": "Fedora Update for mozvoikko FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 12\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862531\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.0~14.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of perl-Gtk2-MozEmbed", "modified": "2017-12-11T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:862503", "href": "http://plugins.openvas.org/nasl.php?oid=862503", "type": "openvas", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 12\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050157.html\");\n script_id(862503);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.08~6.fc12.17\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of xulrunner", "modified": "2018-01-16T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310862508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862508", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 12\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862508\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.1.15~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Check for the Version of gnome-web-photo", "modified": "2017-12-20T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310862504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862504", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2010-16885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 12\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050158.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862504\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-web-photo FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" 
, value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.9~11.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2010-10-30T23:43:33", "published": "2010-10-30T23:43:33", "id": "FEDORA:888F91114C4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: perl-Gtk2-MozEmbed-0.08-6.fc12.17", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. 
", "modified": "2010-10-30T23:43:33", "published": "2010-10-30T23:43:33", "id": "FEDORA:8D8561114FA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: gnome-python2-extras-2.25.3-22.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2010-10-28T22:18:30", "published": "2010-10-28T22:18:30", "id": "FEDORA:2BDFB110B9D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: perl-Gtk2-MozEmbed-0.08-6.fc14.21", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "modified": "2010-10-28T22:18:30", "published": "2010-10-28T22:18:30", "id": "FEDORA:28B3A110A7E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: gnome-web-photo-0.9-15.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. 
", "modified": "2010-10-28T22:18:30", "published": "2010-10-28T22:18:30", "id": "FEDORA:2EE4A110C13", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: gnome-python2-extras-2.25.3-25.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "XULRunner provides the XUL Runtime environment for Gecko applications. ", "modified": "2010-10-30T23:43:33", "published": "2010-10-30T23:43:33", "id": "FEDORA:23B8C11134C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: xulrunner-1.9.1.15-1.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2010-10-28T22:18:30", "published": "2010-10-28T22:18:30", "id": "FEDORA:11C5310F9AA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: firefox-3.6.12-1.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. 
", "modified": "2010-10-30T23:43:33", "published": "2010-10-30T23:43:33", "id": "FEDORA:9385211155E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: galeon-2.0.7-27.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "This is mozvoikko, an extension for Mozilla programs for using the Finnish spell-checker Voikko. ", "modified": "2010-10-28T22:18:30", "published": "2010-10-28T22:18:30", "id": "FEDORA:241B01108E5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: mozvoikko-1.0-16.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. 
", "modified": "2010-10-28T22:18:30", "published": "2010-10-28T22:18:30", "id": "FEDORA:31BB4110C58", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: galeon-2.0.7-35.fc14.1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T01:38:31", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary \nKwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered \nvarious flaws in the browser engine. An attacker could exploit this to \ncrash the browser or possibly run arbitrary code as the user invoking the \nprogram. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in \nthe JavaScript engine. An attacker could exploit this to crash the browser \nor possibly run arbitrary code as the user invoking the program. \n(CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate Gopher \nURLs. If a user were tricked into opening a crafted file via Gopher, an \nattacker could possibly run arbitrary JavaScript. (CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the \nsame-origin policy by using modal calls with JavaScript. An attacker could \nexploit this to steal information from another site. (CVE-2010-3178)\n\nDmitri Gribenko discovered that Firefox did not properly \nsetup the LD_LIBRARY_PATH environment variable. A local attacker could \nexploit this to execute arbitrary code as the user invoking the program. 
\n(CVE-2010-3182)", "edition": 5, "modified": "2010-10-20T00:00:00", "published": "2010-10-20T00:00:00", "id": "USN-997-1", "href": "https://ubuntu.com/security/notices/USN-997-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:27:03", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary \nKwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered \nvarious flaws in the browser engine. An attacker could exploit this to \ncrash Thunderbird or possibly run arbitrary code as the user invoking the \nprogram. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in \nthe JavaScript engine. If JavaScript were enabled, an attacker could \nexploit this to crash Thunderbird or possibly run arbitrary code as the \nuser invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nEduardo Vela Nava discovered that Thunderbird could be made to violate the \nsame-origin policy by using modal calls with JavaScript. If JavaScript were \nenabled, an attacker could exploit this to steal information from another \nsite. (CVE-2010-3178)\n\nDmitri Gribenko discovered that Thunderbird did not properly \nsetup the LD_LIBRARY_PATH environment variable. A local attacker could \nexploit this to execute arbitrary code as the user invoking the program. 
\n(CVE-2010-3182)", "edition": 5, "modified": "2010-10-20T00:00:00", "published": "2010-10-20T00:00:00", "id": "USN-998-1", "href": "https://ubuntu.com/security/notices/USN-998-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0782\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. 
The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. 
After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029131.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029132.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029151.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029152.html\n\n**Affected packages:**\nfirefox\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0782.html", "edition": 3, "modified": "2010-10-25T12:24:38", "published": "2010-10-20T14:29:05", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029131.html", "id": "CESA-2010:0782", "title": "firefox, nss, xulrunner security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "description": "firefox:\n[3.6.11-2.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.11-2]\n- Update to 3.6.11 Build 2\n[3.6.11-1]\n- Update to 3.6.11\nnss:\n[3.12.8-1.0.1.el5]\n- Update clean.gif in the nss-3.12.8-stripped.tar.bz2 tarball\n[3.12.8-1]\n- Update to 3.12.8\nxulrunner:\n[1.9.2.11-2.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.11-2]\n- Update to 1.9.2.11 Build 2\n[1.9.2.11-1]\n- Update to 1.9.2.11", "edition": 4, "modified": "2010-10-20T00:00:00", "published": "2010-10-20T00:00:00", "id": "ELSA-2010-0782", "href": "http://linux.oracle.com/errata/ELSA-2010-0782.html", "title": "firefox security update", 
"type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}