Search...

SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)

2013-01-25T00:00:00

ID SUSE_11_MOZILLAFIREFOX-120611.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
Modified 2013-01-25T00:00:00

Description

Mozilla Firefox has been updated to 10.0.5ESR fixing various bugs and security issues.

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-34)

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938)

Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939)

Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937)

Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101)

Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable. (MFSA 2012-35)

Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) Updater.exe loads wsock32.dll from application directory. (CVE-2012-1943)

Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. (CVE-2012-1944). (MFSA 2012-36)

Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure. (MFSA 2012-37)

This issue could potentially affect Linux machines with samba shares enabled. (CVE-2012-1945)

Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. (CVE-2012-1946). (MFSA 2012-38)

Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)

Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable. (MFSA 2012-40)

Heap-buffer-overflow in utf16_to_isolatin1 (CVE-2012-1947) Heap-use-after-free in nsFrameList::FirstChild. (CVE-2012-1940)

Heap-buffer-overflow in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position. (CVE-2012-1941)

More information on security issues can be found on: http://www.mozilla.org/security/announce/

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL &lt; 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64208);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2011-3101", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1938", "CVE-2012-1939", "CVE-2012-1940", "CVE-2012-1941", "CVE-2012-1942", "CVE-2012-1943", "CVE-2012-1944", "CVE-2012-1945", "CVE-2012-1946", "CVE-2012-1947");

  script_name(english:"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox has been updated to 10.0.5ESR fixing various bugs and
security issues.

  - Mozilla developers identified and fixed several memory
    safety bugs in the browser engine used in Firefox and
    other Mozilla-based products. Some of these bugs showed
    evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at
    least some of these could be exploited to run arbitrary
    code. (MFSA 2012-34)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.
    References

    Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian
    Holler, Andrew McCreight, and Brian Bondy reported
    memory safety problems and crashes that affect Firefox
    12. (CVE-2012-1938)

    Christian Holler reported a memory safety problem that
    affects Firefox ESR. (CVE-2012-1939)

    Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse
    Ruderman reported memory safety problems and crashes
    that affect Firefox ESR and Firefox 13. (CVE-2012-1937)

    Ken Russell of Google reported a bug in NVIDIA graphics
    drivers that they needed to work around in the Chromium
    WebGL implementation. Mozilla has done the same in
    Firefox 13 and ESR 10.0.5. (CVE-2011-3101)

  - Security researcher James Forshaw of Context Information
    Security found two issues with the Mozilla updater and
    the Mozilla updater service introduced in Firefox 12 for
    Windows. The first issue allows Mozilla's updater to
    load a local DLL file in a privileged context. The
    updater can be called by the Updater Service or
    independently on systems that do not use the service.
    The second of these issues allows for the updater
    service to load an arbitrary local DLL file, which can
    then be run with the same system privileges used by the
    service. Both of these issues require local file system
    access to be exploitable. (MFSA 2012-35)

    Possible Arbitrary Code Execution by Update Service
    (CVE-2012-1942) Updater.exe loads wsock32.dll from
    application directory. (CVE-2012-1943)

  - Security researcher Adam Barth found that inline event
    handlers, such as onclick, were no longer blocked by
    Content Security Policy's (CSP) inline-script blocking
    feature. Web applications relying on this feature of CSP
    to protect against cross-site scripting (XSS) were not
    fully protected. (CVE-2012-1944). (MFSA 2012-36)

  - Security researcher Paul Stone reported an attack where
    an HTML page hosted on a Windows share and then loaded
    could then load Windows shortcut files (.lnk) in the
    same share. These shortcut files could then link to
    arbitrary locations on the local file system of the
    individual loading the HTML page. That page could show
    the contents of these linked files or directories from
    the local file system in an iframe, causing information
    disclosure. (MFSA 2012-37)

    This issue could potentially affect Linux machines with
    samba shares enabled. (CVE-2012-1945)

  - Security researcher Arthur Gerkis used the Address
    Sanitizer tool to find a use-after-free while
    replacing/inserting a node in a document. This
    use-after-free could possibly allow for remote code
    execution. (CVE-2012-1946). (MFSA 2012-38)

  - Security researcher Kaspar Brand found a flaw in how the
    Network Security Services (NSS) ASN.1 decoder handles
    zero length items. Effects of this issue depend on the
    field. One known symptom is an unexploitable crash in
    handling OCSP responses. NSS also mishandles zero-length
    basic constraints, assuming default values for some
    types that should be rejected as malformed. These issues
    have been addressed in NSS 3.13.4, which is now being
    used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)

  - Security researcher Abhishek Arya of Google used the
    Address Sanitizer tool to uncover several issues: two
    heap buffer overflow bugs and a use-after-free problem.
    The first heap buffer overflow was found in conversion
    from unicode to native character sets when the function
    fails. The use-after-free occurs in nsFrameList when
    working with column layout with absolute positioning in
    a container that changes size. The second buffer
    overflow occurs in nsHTMLReflowState when a window is
    resized on a page with nested columns and a combination
    of absolute and relative positioning. All three of these
    issues are potentially exploitable. (MFSA 2012-40)

    Heap-buffer-overflow in utf16_to_isolatin1
    (CVE-2012-1947) Heap-use-after-free in
    nsFrameList::FirstChild. (CVE-2012-1940)

    Heap-buffer-overflow in
    nsHTMLReflowState::CalculateHypotheticalBox, with nested
    multi-column, relative position, and absolute position.
    (CVE-2012-1941)

More information on security issues can be found on:
http://www.mozilla.org/security/announce/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2012/mfsa2012-34.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2012/mfsa2012-35.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2012/mfsa2012-36.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2012/mfsa2012-37.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2012/mfsa2012-38.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2012/mfsa2012-39.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2012/mfsa2012-40.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=765204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-3101.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0441.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1937.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1938.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1939.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1940.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1941.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1942.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1943.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1944.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1945.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1946.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1947.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6425.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" &gt;!&lt; cpu && "s390x" &gt;!&lt; cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");


flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"MozillaFirefox-10.0.5-0.3.6")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"MozillaFirefox-translations-10.0.5-0.3.6")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libfreebl3-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-nspr-4.9.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-nss-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-nss-tools-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"MozillaFirefox-10.0.5-0.3.6")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"MozillaFirefox-translations-10.0.5-0.3.6")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libfreebl3-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libfreebl3-32bit-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-nspr-4.9.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-nss-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-nss-32bit-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-nss-tools-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"MozillaFirefox-10.0.5-0.3.6")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"MozillaFirefox-translations-10.0.5-0.3.6")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libfreebl3-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-nspr-4.9.1-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-nss-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-nss-tools-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libfreebl3-32bit-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-nspr-32bit-4.9.1-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-nss-32bit-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libfreebl3-32bit-3.13.5-0.4.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.1-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-nss-32bit-3.13.5-0.4.2")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "SUSE_11_MOZILLAFIREFOX-120611.NASL", "bulletinFamily": "scanner", "title": "SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)", "description": "Mozilla Firefox has been updated to 10.0.5ESR fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2012-34)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian\n Holler, Andrew McCreight, and Brian Bondy reported\n memory safety problems and crashes that affect Firefox\n 12. (CVE-2012-1938)\n\n Christian Holler reported a memory safety problem that\n affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse\n Ruderman reported memory safety problems and crashes\n that affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA graphics\n drivers that they needed to work around in the Chromium\n WebGL implementation. Mozilla has done the same in\n Firefox 13 and ESR 10.0.5. (CVE-2011-3101)\n\n - Security researcher James Forshaw of Context Information\n Security found two issues with the Mozilla updater and\n the Mozilla updater service introduced in Firefox 12 for\n Windows. The first issue allows Mozilla's updater to\n load a local DLL file in a privileged context. The\n updater can be called by the Updater Service or\n independently on systems that do not use the service.\n The second of these issues allows for the updater\n service to load an arbitrary local DLL file, which can\n then be run with the same system privileges used by the\n service. Both of these issues require local file system\n access to be exploitable. (MFSA 2012-35)\n\n Possible Arbitrary Code Execution by Update Service\n (CVE-2012-1942) Updater.exe loads wsock32.dll from\n application directory. (CVE-2012-1943)\n\n - Security researcher Adam Barth found that inline event\n handlers, such as onclick, were no longer blocked by\n Content Security Policy's (CSP) inline-script blocking\n feature. Web applications relying on this feature of CSP\n to protect against cross-site scripting (XSS) were not\n fully protected. (CVE-2012-1944). (MFSA 2012-36)\n\n - Security researcher Paul Stone reported an attack where\n an HTML page hosted on a Windows share and then loaded\n could then load Windows shortcut files (.lnk) in the\n same share. These shortcut files could then link to\n arbitrary locations on the local file system of the\n individual loading the HTML page. That page could show\n the contents of these linked files or directories from\n the local file system in an iframe, causing information\n disclosure. (MFSA 2012-37)\n\n This issue could potentially affect Linux machines with\n samba shares enabled. (CVE-2012-1945)\n\n - Security researcher Arthur Gerkis used the Address\n Sanitizer tool to find a use-after-free while\n replacing/inserting a node in a document. This\n use-after-free could possibly allow for remote code\n execution. (CVE-2012-1946). (MFSA 2012-38)\n\n - Security researcher Kaspar Brand found a flaw in how the\n Network Security Services (NSS) ASN.1 decoder handles\n zero length items. Effects of this issue depend on the\n field. One known symptom is an unexploitable crash in\n handling OCSP responses. NSS also mishandles zero-length\n basic constraints, assuming default values for some\n types that should be rejected as malformed. These issues\n have been addressed in NSS 3.13.4, which is now being\n used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)\n\n - Security researcher Abhishek Arya of Google used the\n Address Sanitizer tool to uncover several issues: two\n heap buffer overflow bugs and a use-after-free problem.\n The first heap buffer overflow was found in conversion\n from unicode to native character sets when the function\n fails. The use-after-free occurs in nsFrameList when\n working with column layout with absolute positioning in\n a container that changes size. The second buffer\n overflow occurs in nsHTMLReflowState when a window is\n resized on a page with nested columns and a combination\n of absolute and relative positioning. All three of these\n issues are potentially exploitable. (MFSA 2012-40)\n\n Heap-buffer-overflow in utf16_to_isolatin1\n (CVE-2012-1947) Heap-use-after-free in\n nsFrameList::FirstChild. (CVE-2012-1940)\n\n Heap-buffer-overflow in\n nsHTMLReflowState::CalculateHypotheticalBox, with nested\n multi-column, relative position, and absolute position.\n (CVE-2012-1941)\n\nMore information on security issues can be found on:\nhttp://www.mozilla.org/security/announce/", "published": "2013-01-25T00:00:00", "modified": "2013-01-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/64208", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["http://www.mozilla.org/security/announce/2012/mfsa2012-36.html", "http://www.mozilla.org/security/announce/2012/mfsa2012-37.html", "http://support.novell.com/security/cve/CVE-2012-1940.html", "http://support.novell.com/security/cve/CVE-2012-1941.html", "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html", "http://support.novell.com/security/cve/CVE-2012-1939.html", "http://support.novell.com/security/cve/CVE-2012-1943.html", "http://support.novell.com/security/cve/CVE-2012-1947.html", "https://bugzilla.novell.com/show_bug.cgi?id=765204", "http://support.novell.com/security/cve/CVE-2012-1945.html", "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html", "http://support.novell.com/security/cve/CVE-2011-3101.html", "http://www.mozilla.org/security/announce/2012/mfsa2012-38.html", "http://support.novell.com/security/cve/CVE-2012-1942.html", "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html", "http://support.novell.com/security/cve/CVE-2012-1938.html", "http://support.novell.com/security/cve/CVE-2012-0441.html", "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html", "http://support.novell.com/security/cve/CVE-2012-1946.html", "http://support.novell.com/security/cve/CVE-2012-1944.html", "http://support.novell.com/security/cve/CVE-2012-1937.html"], "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1943"], "type": "nessus", "lastseen": "2021-01-20T14:37:10", "edition": 18, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["SUSE-SU-2012:0746-1", "OPENSUSE-SU-2012:0760-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1463-6.NASL", "FREEBSD_PKG_BFECF7C1AF4711E195804061862B8C22.NASL", "SL_20120605_FIREFOX_ON_SL5_X.NASL", "MANDRIVA_MDVSA-2012-088.NASL", "SUSE_MOZILLAFIREFOX-8189.NASL", "SL_20120606_THUNDERBIRD_ON_SL5_X.NASL", "OPENSUSE-2012-333.NASL", "UBUNTU_USN-1463-1.NASL", "UBUNTU_USN-1463-3.NASL", "UBUNTU_USN-1463-4.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12410"]}, {"type": "freebsd", "idList": ["BFECF7C1-AF47-11E1-9580-4061862B8C22"]}, {"type": "openvas", "idList": ["OPENVAS:881109", "OPENVAS:1361412562310831674", "OPENVAS:1361412562310123910", "OPENVAS:1361412562310881200", "OPENVAS:1361412562310831690", "OPENVAS:1361412562310870748", "OPENVAS:831674", "OPENVAS:881200", "OPENVAS:870748", "OPENVAS:831690"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0715", "ELSA-2012-0710"]}, {"type": "ubuntu", "idList": ["USN-1463-1", "USN-1463-4", "USN-1463-3", "USN-1463-6"]}, {"type": "centos", "idList": ["CESA-2012:0715", "CESA-2012:0710"]}, {"type": "redhat", "idList": ["RHSA-2012:0710", "RHSA-2012:0715"]}, {"type": "cve", "idList": ["CVE-2012-1946", "CVE-2012-1942", "CVE-2012-1943", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-1941", "CVE-2012-1940", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1939"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2488-1:66B15", "DEBIAN:DSA-2499-1:C79EB", "DEBIAN:DSA-2489-1:91C90"]}, {"type": "mozilla", "idList": ["MFSA2012-40"]}], "modified": "2021-01-20T14:37:10", "rev": 2}, "score": {"value": 9.6, "vector": "NONE", "modified": "2021-01-20T14:37:10", "rev": 2}, "vulnersScore": 9.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64208);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1942\", \"CVE-2012-1943\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox has been updated to 10.0.5ESR fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2012-34)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian\n Holler, Andrew McCreight, and Brian Bondy reported\n memory safety problems and crashes that affect Firefox\n 12. (CVE-2012-1938)\n\n Christian Holler reported a memory safety problem that\n affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse\n Ruderman reported memory safety problems and crashes\n that affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA graphics\n drivers that they needed to work around in the Chromium\n WebGL implementation. Mozilla has done the same in\n Firefox 13 and ESR 10.0.5. (CVE-2011-3101)\n\n - Security researcher James Forshaw of Context Information\n Security found two issues with the Mozilla updater and\n the Mozilla updater service introduced in Firefox 12 for\n Windows. The first issue allows Mozilla's updater to\n load a local DLL file in a privileged context. The\n updater can be called by the Updater Service or\n independently on systems that do not use the service.\n The second of these issues allows for the updater\n service to load an arbitrary local DLL file, which can\n then be run with the same system privileges used by the\n service. Both of these issues require local file system\n access to be exploitable. (MFSA 2012-35)\n\n Possible Arbitrary Code Execution by Update Service\n (CVE-2012-1942) Updater.exe loads wsock32.dll from\n application directory. (CVE-2012-1943)\n\n - Security researcher Adam Barth found that inline event\n handlers, such as onclick, were no longer blocked by\n Content Security Policy's (CSP) inline-script blocking\n feature. Web applications relying on this feature of CSP\n to protect against cross-site scripting (XSS) were not\n fully protected. (CVE-2012-1944). (MFSA 2012-36)\n\n - Security researcher Paul Stone reported an attack where\n an HTML page hosted on a Windows share and then loaded\n could then load Windows shortcut files (.lnk) in the\n same share. These shortcut files could then link to\n arbitrary locations on the local file system of the\n individual loading the HTML page. That page could show\n the contents of these linked files or directories from\n the local file system in an iframe, causing information\n disclosure. (MFSA 2012-37)\n\n This issue could potentially affect Linux machines with\n samba shares enabled. (CVE-2012-1945)\n\n - Security researcher Arthur Gerkis used the Address\n Sanitizer tool to find a use-after-free while\n replacing/inserting a node in a document. This\n use-after-free could possibly allow for remote code\n execution. (CVE-2012-1946). (MFSA 2012-38)\n\n - Security researcher Kaspar Brand found a flaw in how the\n Network Security Services (NSS) ASN.1 decoder handles\n zero length items. Effects of this issue depend on the\n field. One known symptom is an unexploitable crash in\n handling OCSP responses. NSS also mishandles zero-length\n basic constraints, assuming default values for some\n types that should be rejected as malformed. These issues\n have been addressed in NSS 3.13.4, which is now being\n used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)\n\n - Security researcher Abhishek Arya of Google used the\n Address Sanitizer tool to uncover several issues: two\n heap buffer overflow bugs and a use-after-free problem.\n The first heap buffer overflow was found in conversion\n from unicode to native character sets when the function\n fails. The use-after-free occurs in nsFrameList when\n working with column layout with absolute positioning in\n a container that changes size. The second buffer\n overflow occurs in nsHTMLReflowState when a window is\n resized on a page with nested columns and a combination\n of absolute and relative positioning. All three of these\n issues are potentially exploitable. (MFSA 2012-40)\n\n Heap-buffer-overflow in utf16_to_isolatin1\n (CVE-2012-1947) Heap-use-after-free in\n nsFrameList::FirstChild. (CVE-2012-1940)\n\n Heap-buffer-overflow in\n nsHTMLReflowState::CalculateHypotheticalBox, with nested\n multi-column, relative position, and absolute position.\n (CVE-2012-1941)\n\nMore information on security issues can be found on:\nhttp://www.mozilla.org/security/announce/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-34.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-35.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-36.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-37.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-38.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-39.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-40.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=765204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1938.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1939.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1940.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1941.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1942.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1943.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1944.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1945.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1946.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1947.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6425.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-10.0.5-0.3.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-10.0.5-0.3.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libfreebl3-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-nspr-4.9.1-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-nss-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-nss-tools-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-10.0.5-0.3.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-10.0.5-0.3.6\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libfreebl3-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nspr-4.9.1-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.1-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-10.0.5-0.3.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-10.0.5-0.3.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libfreebl3-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-nspr-4.9.1-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-nss-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-nss-tools-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.9.1-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.5-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.1-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.5-0.4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "64208", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-nss", "p-cpe:/a:novell:suse_linux:11:mozilla-nspr", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:11:libfreebl3", "p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit"], "scheme": null}

{"suse": [{"lastseen": "2016-09-04T12:11:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1943"], "description": "MozillaFirefox has been updated to 10.0.5ESR fixing various\n bugs and security issues.\n\n *\n\n MFSA 2012-34 Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey,\n Christian Holler, Andrew McCreight, and Brian Bondy\n reported memory safety problems and crashes that affect\n Firefox 12.(CVE-2012-1938)\n\n Christian Holler reported a memory safety problem\n that affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse\n Ruderman reported memory safety problems and crashes that\n affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA\n graphics drivers that they needed to work around in the\n Chromium WebGL implementation. Mozilla has done the same in\n Firefox 13 and ESR 10.0.5. (CVE-2011-3101)\n\n *\n\n MFSA 2012-35 Security researcher James Forshaw of\n Context Information Security found two issues with the\n Mozilla updater and the Mozilla updater service introduced\n in Firefox 12 for Windows. The first issue allows Mozilla's\n updater to load a local DLL file in a privileged context.\n The updater can be called by the Updater Service or\n independently on systems that do not use the service. The\n second of these issues allows for the updater service to\n load an arbitrary local DLL file, which can then be run\n with the same system privileges used by the service. Both\n of these issues require local file system access to be\n exploitable.\n\n Possible Arbitrary Code Execution by Update Service\n (CVE-2012-1942) Updater.exe loads wsock32.dll from\n application directory (CVE-2012-1943)\n\n *\n\n MFSA 2012-36 Security researcher Adam Barth found\n that inline event handlers, such as onclick, were no longer\n blocked by Content Security Policy's (CSP) inline-script\n blocking feature. Web applications relying on this feature\n of CSP to protect against cross-site scripting (XSS) were\n not fully protected. (CVE-2012-1944)\n\n *\n\n MFSA 2012-37 Security researcher Paul Stone reported\n an attack where an HTML page hosted on a Windows share and\n then loaded could then load Windows shortcut files (.lnk)\n in the same share. These shortcut files could then link to\n arbitrary locations on the local file system of the\n individual loading the HTML page. That page could show the\n contents of these linked files or directories from the\n local file system in an iframe, causing information\n disclosure.\n\n This issue could potentially affect Linux machines\n with samba shares enabled. (CVE-2012-1945)\n\n *\n\n MFSA 2012-38 Security researcher Arthur Gerkis used\n the Address Sanitizer tool to find a use-after-free while\n replacing/inserting a node in a document. This\n use-after-free could possibly allow for remote code\n execution. (CVE-2012-1946)\n\n *\n\n MFSA 2012-39 Security researcher Kaspar Brand found a\n flaw in how the Network Security Services (NSS) ASN.1\n decoder handles zero length items. Effects of this issue\n depend on the field. One known symptom is an unexploitable\n crash in handling OCSP responses. NSS also mishandles\n zero-length basic constraints, assuming default values for\n some types that should be rejected as malformed. These\n issues have been addressed in NSS 3.13.4, which is now\n being used by Mozilla. (CVE-2012-0441)\n\n *\n\n MFSA 2012-40 Security researcher Abhishek Arya of\n Google used the Address Sanitizer tool to uncover several\n issues: two heap buffer overflow bugs and a use-after-free\n problem. The first heap buffer overflow was found in\n conversion from unicode to native character sets when the\n function fails. The use-after-free occurs in nsFrameList\n when working with column layout with absolute positioning\n in a container that changes size. The second buffer\n overflow occurs in nsHTMLReflowState when a window is\n resized on a page with nested columns and a combination of\n absolute and relative positioning. All three of these\n issues are potentially exploitable.\n\n Heap-buffer-overflow in utf16_to_isolatin1\n (CVE-2012-1947) Heap-use-after-free in\n nsFrameList::FirstChild (CVE-2012-1940)\n\n Heap-buffer-overflow in\n nsHTMLReflowState::CalculateHypotheticalBox, with nested\n multi-column, relative position, and absolute position\n (CVE-2012-1941)\n\n More information on security issues can be found on:\n <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/\">http://www.mozilla.org/security/announce/</a>\n <<a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/\">http://www.mozilla.org/security/announce/</a>>\n\n", "edition": 1, "modified": "2012-06-15T22:08:23", "published": "2012-06-15T22:08:23", "id": "SUSE-SU-2012:0746-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "Changes in MozillaFirefox:\n - update to Firefox 13.0 (bnc#765204)\n * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content\n Security Policy inline-script bypass\n * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n - require NSS 3.13.4\n * MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n - fix sound notifications when filename/path contains a\n whitespace (bmo#749739)\n\n - fix build on arm\n\n - reenabled crashreporter for Factory/12.2 (fix in\n mozilla-gcc47.patch)\n\n Changes in MozillaThunderbird:\n - update to Thunderbird 13.0 (bnc#765204)\n * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content\n Security Policy inline-script bypass\n * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n - require NSS 3.13.4\n * MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n - fix build with system NSPR (mozilla-system-nspr.patch)\n - add dependentlibs.list for improved XRE startup\n - update enigmail to 1.4.2\n\n - reenabled crashreporter for Factory/12.2 (fix in\n mozilla-gcc47.patch)\n\n - update to Thunderbird 12.0.1\n * fix regressions\n - POP3 filters (bmo#748090)\n - Message Body not loaded when using "Fetch Headers\n Only" (bmo#748865)\n - Received messages contain parts of other messages\n with movemail account (bmo#748726)\n - New mail notification issue (bmo#748997)\n - crash in nsMsgDatabase::MatchDbName (bmo#748432)\n\n - fixed build with gcc 4.7\n\n Changes in seamonkey:\n - update to Seamonkey 2.10 (bnc#765204)\n * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content\n Security Policy inline-script bypass\n * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n - requires NSS 3.13.4\n * MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - update to Seamonkey 2.9.1\n * fix regressions\n - POP3 filters (bmo#748090)\n - Message Body not loaded when using "Fetch Headers\n Only" (bmo#748865)\n - Received messages contain parts of other messages\n with movemail account (bmo#748726)\n - New mail notification issue (bmo#748997)\n - crash in nsMsgDatabase::MatchDbName (bmo#748432)\n\n - fixed build with gcc 4.7\n\n Changes in mozilla-nss:\n - update to 3.13.5 RTM\n\n - update to 3.13.4 RTM\n * fixed some bugs\n * fixed cert verification regression in PKIX mode\n (bmo#737802) introduced in 3.13.2\n\n Changes in xulrunner:\n - update to 13.0 (bnc#765204)\n * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content\n Security Policy inline-script bypass\n * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n - require NSS 3.13.4\n * MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n - reenabled crashreporter for Factory/12.2 (fixed in\n mozilla-gcc47.patch)\n\n", "edition": 1, "modified": "2012-06-19T12:08:31", "published": "2012-06-19T12:08:31", "id": "OPENSUSE-SU-2012:0760-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html", "title": "MozillaFirefox, MozillaThunderbird, mozilla-nss, seamonkey, xulrunner: June (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T14:42:42", "description": "MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2012-34)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian\n Holler, Andrew McCreight, and Brian Bondy reported\n memory safety problems and crashes that affect Firefox\n 12. (CVE-2012-1938)\n\n Christian Holler reported a memory safety problem that\n affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse\n Ruderman reported memory safety problems and crashes\n that affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA graphics\n drivers that they needed to work around in the Chromium\n WebGL implementation. Mozilla has done the same in\n Firefox 13 and ESR 10.0.5. (CVE-2011-3101)\n\n - Security researcher James Forshaw of Context Information\n Security found two issues with the Mozilla updater and\n the Mozilla updater service introduced in Firefox 12 for\n Windows. The first issue allows Mozilla's updater to\n load a local DLL file in a privileged context. The\n updater can be called by the Updater Service or\n independently on systems that do not use the service.\n The second of these issues allows for the updater\n service to load an arbitrary local DLL file, which can\n then be run with the same system privileges used by the\n service. Both of these issues require local file system\n access to be exploitable. (MFSA 2012-35)\n\n Possible Arbitrary Code Execution by Update Service\n (CVE-2012-1942) Updater.exe loads wsock32.dll from\n application directory. (CVE-2012-1943)\n\n - Security researcher Adam Barth found that inline event\n handlers, such as onclick, were no longer blocked by\n Content Security Policy's (CSP) inline-script blocking\n feature. Web applications relying on this feature of CSP\n to protect against cross-site scripting (XSS) were not\n fully protected. (CVE-2012-1944). (MFSA 2012-36)\n\n - Security researcher Paul Stone reported an attack where\n an HTML page hosted on a Windows share and then loaded\n could then load Windows shortcut files (.lnk) in the\n same share. These shortcut files could then link to\n arbitrary locations on the local file system of the\n individual loading the HTML page. That page could show\n the contents of these linked files or directories from\n the local file system in an iframe, causing information\n disclosure. (MFSA 2012-37)\n\n This issue could potentially affect Linux machines with\n samba shares enabled. (CVE-2012-1945)\n\n - Security researcher Arthur Gerkis used the Address\n Sanitizer tool to find a use-after-free while\n replacing/inserting a node in a document. This\n use-after-free could possibly allow for remote code\n execution. (CVE-2012-1946). (MFSA 2012-38)\n\n - Security researcher Kaspar Brand found a flaw in how the\n Network Security Services (NSS) ASN.1 decoder handles\n zero length items. Effects of this issue depend on the\n field. One known symptom is an unexploitable crash in\n handling OCSP responses. NSS also mishandles zero-length\n basic constraints, assuming default values for some\n types that should be rejected as malformed. These issues\n have been addressed in NSS 3.13.4, which is now being\n used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)\n\n - Security researcher Abhishek Arya of Google used the\n Address Sanitizer tool to uncover several issues: two\n heap buffer overflow bugs and a use-after-free problem.\n The first heap buffer overflow was found in conversion\n from unicode to native character sets when the function\n fails. The use-after-free occurs in nsFrameList when\n working with column layout with absolute positioning in\n a container that changes size. The second buffer\n overflow occurs in nsHTMLReflowState when a window is\n resized on a page with nested columns and a combination\n of absolute and relative positioning. All three of these\n issues are potentially exploitable. (MFSA 2012-40)\n\n Heap-buffer-overflow in utf16_to_isolatin1\n (CVE-2012-1947) Heap-use-after-free in\n nsFrameList::FirstChild. (CVE-2012-1940)\n\n Heap-buffer-overflow in\n nsHTMLReflowState::CalculateHypotheticalBox, with nested\n multi-column, relative position, and absolute position.\n (CVE-2012-1941)\n\nMore information on security issues can be found on:\nhttp://www.mozilla.org/security/announce/", "edition": 18, "published": "2012-06-15T00:00:00", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8189)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1943"], "modified": "2012-06-15T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLAFIREFOX-8189.NASL", "href": "https://www.tenable.com/plugins/nessus/59520", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59520);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1942\", \"CVE-2012-1943\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8189)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and\nsecurity issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2012-34)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian\n Holler, Andrew McCreight, and Brian Bondy reported\n memory safety problems and crashes that affect Firefox\n 12. (CVE-2012-1938)\n\n Christian Holler reported a memory safety problem that\n affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse\n Ruderman reported memory safety problems and crashes\n that affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA graphics\n drivers that they needed to work around in the Chromium\n WebGL implementation. Mozilla has done the same in\n Firefox 13 and ESR 10.0.5. (CVE-2011-3101)\n\n - Security researcher James Forshaw of Context Information\n Security found two issues with the Mozilla updater and\n the Mozilla updater service introduced in Firefox 12 for\n Windows. The first issue allows Mozilla's updater to\n load a local DLL file in a privileged context. The\n updater can be called by the Updater Service or\n independently on systems that do not use the service.\n The second of these issues allows for the updater\n service to load an arbitrary local DLL file, which can\n then be run with the same system privileges used by the\n service. Both of these issues require local file system\n access to be exploitable. (MFSA 2012-35)\n\n Possible Arbitrary Code Execution by Update Service\n (CVE-2012-1942) Updater.exe loads wsock32.dll from\n application directory. (CVE-2012-1943)\n\n - Security researcher Adam Barth found that inline event\n handlers, such as onclick, were no longer blocked by\n Content Security Policy's (CSP) inline-script blocking\n feature. Web applications relying on this feature of CSP\n to protect against cross-site scripting (XSS) were not\n fully protected. (CVE-2012-1944). (MFSA 2012-36)\n\n - Security researcher Paul Stone reported an attack where\n an HTML page hosted on a Windows share and then loaded\n could then load Windows shortcut files (.lnk) in the\n same share. These shortcut files could then link to\n arbitrary locations on the local file system of the\n individual loading the HTML page. That page could show\n the contents of these linked files or directories from\n the local file system in an iframe, causing information\n disclosure. (MFSA 2012-37)\n\n This issue could potentially affect Linux machines with\n samba shares enabled. (CVE-2012-1945)\n\n - Security researcher Arthur Gerkis used the Address\n Sanitizer tool to find a use-after-free while\n replacing/inserting a node in a document. This\n use-after-free could possibly allow for remote code\n execution. (CVE-2012-1946). (MFSA 2012-38)\n\n - Security researcher Kaspar Brand found a flaw in how the\n Network Security Services (NSS) ASN.1 decoder handles\n zero length items. Effects of this issue depend on the\n field. One known symptom is an unexploitable crash in\n handling OCSP responses. NSS also mishandles zero-length\n basic constraints, assuming default values for some\n types that should be rejected as malformed. These issues\n have been addressed in NSS 3.13.4, which is now being\n used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)\n\n - Security researcher Abhishek Arya of Google used the\n Address Sanitizer tool to uncover several issues: two\n heap buffer overflow bugs and a use-after-free problem.\n The first heap buffer overflow was found in conversion\n from unicode to native character sets when the function\n fails. The use-after-free occurs in nsFrameList when\n working with column layout with absolute positioning in\n a container that changes size. The second buffer\n overflow occurs in nsHTMLReflowState when a window is\n resized on a page with nested columns and a combination\n of absolute and relative positioning. All three of these\n issues are potentially exploitable. (MFSA 2012-40)\n\n Heap-buffer-overflow in utf16_to_isolatin1\n (CVE-2012-1947) Heap-use-after-free in\n nsFrameList::FirstChild. (CVE-2012-1940)\n\n Heap-buffer-overflow in\n nsHTMLReflowState::CalculateHypotheticalBox, with nested\n multi-column, relative position, and absolute position.\n (CVE-2012-1941)\n\nMore information on security issues can be found on:\nhttp://www.mozilla.org/security/announce/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-35/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-36.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-36/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-37.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-37/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-38.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-38/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-39.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-40.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1938.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1939.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1940.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1941.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1942.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1943.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1944.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1945.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1946.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1947.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8189.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-10.0.5-0.8.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-translations-10.0.5-0.8.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-nspr-4.9.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-nspr-devel-4.9.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-nss-3.13.5-0.7.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-nss-devel-3.13.5-0.7.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-nss-tools-3.13.5-0.7.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.5-0.7.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-10.0.5-0.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-translations-10.0.5-0.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nspr-4.9.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nspr-devel-4.9.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nss-3.13.5-0.7.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nss-devel-3.13.5-0.7.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nss-tools-3.13.5-0.7.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.5-0.7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:46", "description": "Security issues were identified and fixed in mozilla firefox and\nthunderbird :\n\nHeap-based buffer overflow in the utf16_to_isolatin1 function in\nMozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\nThunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\nSeaMonkey before 2.10 allows remote attackers to execute arbitrary\ncode via vectors that trigger a character-set conversion failure\n(CVE-2012-1947)\n\nUse-after-free vulnerability in the nsFrameList::FirstChild function\nin Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\nThunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\nSeaMonkey before 2.10 allows remote attackers to execute arbitrary\ncode or cause a denial of service (heap memory corruption and\napplication crash) by changing the size of a container of absolutely\npositioned elements in a column (CVE-2012-1940).\n\nHeap-based buffer overflow in the\nnsHTMLReflowState::CalculateHypotheticalBox function in Mozilla\nFirefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\nbefore 2.10 allows remote attackers to execute arbitrary code by\nresizing a window displaying absolutely positioned and relatively\npositioned elements in nested columns (CVE-2012-1941).\n\nUse-after-free vulnerability in the nsINode::ReplaceOrInsertBefore\nfunction in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before\n10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before\n10.0.5, and SeaMonkey before 2.10 might allow remote attackers to\nexecute arbitrary code via document changes involving replacement or\ninsertion of a node (CVE-2012-1946).\n\nMozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\nThunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\nSeaMonkey before 2.10 allow local users to obtain sensitive\ninformation via an HTML document that loads a shortcut (aka .lnk) file\nfor display within an IFRAME element, as demonstrated by a network\nshare implemented by (1) Microsoft Windows or (2) Samba\n(CVE-2012-1945).\n\nThe Content Security Policy (CSP) implementation in Mozilla Firefox\n4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0\nthrough 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before\n2.10 does not block inline event handlers, which makes it easier for\nremote attackers to conduct cross-site scripting (XSS) attacks via a\ncrafted HTML document (CVE-2012-1944).\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 13.0, Thunderbird before 13.0, and SeaMonkey before\n2.10 allow remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia vectors related to (1) methodjit/ImmutableSync.cpp, (2) the\nJSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and\nunknown other components (CVE-2012-1938).\n\njsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird\nESR 10.x before 10.0.5 does not properly determine data types, which\nallows remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia crafted JavaScript code (CVE-2012-1939).\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\nbefore 2.10 allow remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly execute\narbitrary code via unknown vectors (CVE-2012-1937).\n\nKen Russell of Google reported a bug in NVIDIA graphics drivers that\nthey needed to work around in the Chromium WebGL implementation.\nMozilla has done the same in Firefox 13 and ESR 10.0.5\n(CVE-2011-3101).\n\nThe ASN.1 decoder in the QuickDER decoder in Mozilla Network Security\nServices (NSS) before 3.13.4, as used in Firefox 4.x through 12.0,\nFirefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,\nThunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows\nremote attackers to cause a denial of service (application crash) via\na zero-length item, as demonstrated by (1) a zero-length basic\nconstraint or (2) a zero-length field in an OCSP response\n(CVE-2012-0441). NOTE: This flaw was addressed earlier with the\nMDVA-2012:036 advisory.\n\nThe mozilla firefox and thunderbird packages has been upgraded to the\nlatest respective versions which is unaffected by these security\nflaws.\n\nAdditionally the NSPR and the NSS packages has been upgraded to the\nlatest versions which resolves various upstream bugs.", "edition": 25, "published": "2012-06-25T00:00:00", "title": "Mandriva Linux Security Advisory : mozilla (MDVSA-2012:088-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "modified": "2012-06-25T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libnss-static-devel", "p-cpe:/a:mandriva:linux:firefox-br", "p-cpe:/a:mandriva:linux:firefox-en_ZA", "p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:libnspr4", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr", "p-cpe:/a:mandriva:linux:firefox-gd", "p-cpe:/a:mandriva:linux:libxulrunner-devel", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el", "p-cpe:/a:mandriva:linux:firefox-fa", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-da", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:nsinstall", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-id", "p-cpe:/a:mandriva:linux:lib64nspr-devel", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:firefox-oc", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ta_LK", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-de", "p-cpe:/a:mandriva:linux:lib64xulrunner10.0.5", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-ta", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-br", "p-cpe:/a:mandriva:linux:firefox-el", "p-cpe:/a:mandriva:linux:icedtea-web", "p-cpe:/a:mandriva:linux:lib64xulrunner-devel", "p-cpe:/a:mandriva:linux:xulrunner", "p-cpe:/a:mandriva:linux:firefox-bn_BD", "p-cpe:/a:mandriva:linux:firefox-nso", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:lib64xulrunner13.0", "p-cpe:/a:mandriva:linux:libnspr-devel", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl", "p-cpe:/a:mandriva:linux:libnss-devel", "p-cpe:/a:mandriva:linux:firefox-ku", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:lib64nspr4", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:firefox-vi", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu", "p-cpe:/a:mandriva:linux:lib64nss-devel", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:lib64nss3", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-bn_IN", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq", "p-cpe:/a:mandriva:linux:lib64nss-static-devel", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN", "p-cpe:/a:mandriva:linux:icedtea-web-javadoc", "p-cpe:/a:mandriva:linux:firefox-bn", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-ka", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru", "p-cpe:/a:mandriva:linux:firefox-zu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:firefox-bs", "p-cpe:/a:mandriva:linux:firefox-kk", "p-cpe:/a:mandriva:linux:firefox-te", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:nss", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi", "p-cpe:/a:mandriva:linux:firefox-eo", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT", "p-cpe:/a:mandriva:linux:firefox-mk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-is", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:firefox-lg", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl", "p-cpe:/a:mandriva:linux:firefox-or", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:firefox-ast", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko", "p-cpe:/a:mandriva:linux:libnss3", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-he", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:firefox-hy", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:firefox-devel", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird", "p-cpe:/a:mandriva:linux:firefox-mai", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-si", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-be", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-sr", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:firefox-es_CL", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:firefox-ta_LK", "p-cpe:/a:mandriva:linux:firefox-ml", "p-cpe:/a:mandriva:linux:libxulrunner13.0", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-es_MX", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-et", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl", "p-cpe:/a:mandriva:linux:firefox-hr", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar", "p-cpe:/a:mandriva:linux:firefox-he", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk", "p-cpe:/a:mandriva:linux:libxulrunner10.0.5", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs"], "id": "MANDRIVA_MDVSA-2012-088.NASL", "href": "https://www.tenable.com/plugins/nessus/59681", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:088. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59681);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-3101\",\n \"CVE-2012-0441\",\n \"CVE-2012-1937\",\n \"CVE-2012-1938\",\n \"CVE-2012-1939\",\n \"CVE-2012-1940\",\n \"CVE-2012-1941\",\n \"CVE-2012-1944\",\n \"CVE-2012-1945\",\n \"CVE-2012-1946\",\n \"CVE-2012-1947\"\n );\n script_bugtraq_id(\n 53540,\n 53791,\n 53792,\n 53793,\n 53794,\n 53796,\n 53797,\n 53798,\n 53799,\n 53800,\n 53801,\n 53808\n );\n script_xref(name:\"MDVSA\", value:\"2012:088\");\n script_xref(name:\"MDVSA\", value:\"2012:088-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla (MDVSA-2012:088-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in mozilla firefox and\nthunderbird :\n\nHeap-based buffer overflow in the utf16_to_isolatin1 function in\nMozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\nThunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\nSeaMonkey before 2.10 allows remote attackers to execute arbitrary\ncode via vectors that trigger a character-set conversion failure\n(CVE-2012-1947)\n\nUse-after-free vulnerability in the nsFrameList::FirstChild function\nin Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\nThunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\nSeaMonkey before 2.10 allows remote attackers to execute arbitrary\ncode or cause a denial of service (heap memory corruption and\napplication crash) by changing the size of a container of absolutely\npositioned elements in a column (CVE-2012-1940).\n\nHeap-based buffer overflow in the\nnsHTMLReflowState::CalculateHypotheticalBox function in Mozilla\nFirefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\nbefore 2.10 allows remote attackers to execute arbitrary code by\nresizing a window displaying absolutely positioned and relatively\npositioned elements in nested columns (CVE-2012-1941).\n\nUse-after-free vulnerability in the nsINode::ReplaceOrInsertBefore\nfunction in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before\n10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before\n10.0.5, and SeaMonkey before 2.10 might allow remote attackers to\nexecute arbitrary code via document changes involving replacement or\ninsertion of a node (CVE-2012-1946).\n\nMozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\nThunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\nSeaMonkey before 2.10 allow local users to obtain sensitive\ninformation via an HTML document that loads a shortcut (aka .lnk) file\nfor display within an IFRAME element, as demonstrated by a network\nshare implemented by (1) Microsoft Windows or (2) Samba\n(CVE-2012-1945).\n\nThe Content Security Policy (CSP) implementation in Mozilla Firefox\n4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0\nthrough 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before\n2.10 does not block inline event handlers, which makes it easier for\nremote attackers to conduct cross-site scripting (XSS) attacks via a\ncrafted HTML document (CVE-2012-1944).\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 13.0, Thunderbird before 13.0, and SeaMonkey before\n2.10 allow remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia vectors related to (1) methodjit/ImmutableSync.cpp, (2) the\nJSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and\nunknown other components (CVE-2012-1938).\n\njsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird\nESR 10.x before 10.0.5 does not properly determine data types, which\nallows remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia crafted JavaScript code (CVE-2012-1939).\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\nbefore 2.10 allow remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly execute\narbitrary code via unknown vectors (CVE-2012-1937).\n\nKen Russell of Google reported a bug in NVIDIA graphics drivers that\nthey needed to work around in the Chromium WebGL implementation.\nMozilla has done the same in Firefox 13 and ESR 10.0.5\n(CVE-2011-3101).\n\nThe ASN.1 decoder in the QuickDER decoder in Mozilla Network Security\nServices (NSS) before 3.13.4, as used in Firefox 4.x through 12.0,\nFirefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,\nThunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows\nremote attackers to cause a denial of service (application crash) via\na zero-length item, as demonstrated by (1) a zero-length basic\nconstraint or (2) a zero-length field in an OCSP response\n(CVE-2012-0441). NOTE: This flaw was addressed earlier with the\nMDVA-2012:036 advisory.\n\nThe mozilla firefox and thunderbird packages has been upgraded to the\nlatest respective versions which is unaffected by these security\nflaws.\n\nAdditionally the NSPR and the NSS packages has been upgraded to the\nlatest versions which resolves various upstream bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-34.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-36.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-37.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-38.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-39.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-40.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_CL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_MX\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ta_LK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner10.0.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner10.0.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ta_LK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nsinstall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-af-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ar-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-be-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bg-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-bn-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ca-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-cs-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-cy-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-da-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-de-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-devel-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-el-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-en_GB-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-eo-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_AR-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-es_ES-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-et-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-eu-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fi-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-fy-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ga_IE-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-gl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-gu_IN-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-he-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hi-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-hu-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-id-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-is-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-it-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ja-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ka-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-kn-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ko-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ku-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-lt-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-lv-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-mk-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-mr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nb_NO-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-nn_NO-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-oc-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pa_IN-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pt_BR-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-pt_PT-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ro-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ru-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-si-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sk-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sq-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-sv_SE-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-te-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-th-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-tr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-uk-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-zh_CN-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-zh_TW-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"icedtea-web-1.1.5-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"icedtea-web-javadoc-1.1.5-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nspr-devel-4.9.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nspr4-4.9.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nss-devel-3.13.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nss-static-devel-3.13.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nss3-3.13.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xulrunner10.0.5-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnspr-devel-4.9.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnspr4-4.9.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnss-devel-3.13.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnss-static-devel-3.13.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnss3-3.13.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxulrunner-devel-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxulrunner10.0.5-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ar-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-be-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bg-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bn_BD-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-br-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ca-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-cs-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-da-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-de-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-el-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-en_GB-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ar-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ca-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-cs-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-de-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-el-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-es-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fi-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-it-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ja-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ko-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nb-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt_BR-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ru-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sv-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-tr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-vi-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_CN-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_TW-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_AR-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_ES-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-et-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-eu-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fi-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fy-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ga-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gd-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-he-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-hu-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-id-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-is-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-it-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ja-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ko-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lightning-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lt-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nb_NO-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nn_NO-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_BR-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_PT-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ro-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ru-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-si-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sk-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sl-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sq-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sv_SE-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ta_LK-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-tr-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-uk-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-vi-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_CN-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_TW-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nsinstall-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nss-3.13.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"xulrunner-10.0.5-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-af-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ar-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ast-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-be-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bg-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bn_BD-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bn_IN-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-br-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bs-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ca-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-cs-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-cy-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-da-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-de-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-devel-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-el-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-en_GB-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-en_ZA-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-eo-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_AR-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_CL-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_ES-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_MX-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-et-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-eu-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fa-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fi-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fy-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ga_IE-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gd-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gu_IN-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-he-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hi-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hu-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hy-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-id-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-is-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-it-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ja-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-kk-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-kn-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ko-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ku-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lg-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lt-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lv-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mai-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mk-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ml-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nb_NO-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nn_NO-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nso-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-or-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pa_IN-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pt_BR-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pt_PT-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ro-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ru-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-si-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sk-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sq-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sv_SE-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ta-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ta_LK-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-te-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-th-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-tr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-uk-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-vi-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zh_CN-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zh_TW-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zu-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"icedtea-web-1.1.5-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"icedtea-web-javadoc-1.1.5-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nspr-devel-4.9.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nspr4-4.9.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nss-devel-3.13.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nss-static-devel-3.13.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64nss3-3.13.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xulrunner13.0-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnspr-devel-4.9.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnspr4-4.9.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnss-devel-3.13.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnss-static-devel-3.13.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnss3-3.13.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxulrunner-devel-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxulrunner13.0-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ar-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-be-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-bg-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-bn_BD-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-br-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ca-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-cs-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-da-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-de-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-el-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-en_GB-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ar-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ca-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-cs-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-de-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-el-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-es-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-fi-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-fr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-it-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ja-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ko-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-nb-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-nl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-pl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-pt-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-pt_BR-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-ru-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-sl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-sv-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-tr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-vi-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-zh_CN-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-enigmail-zh_TW-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-es_AR-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-es_ES-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-et-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-eu-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-fi-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-fr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-fy-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ga-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-gd-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-gl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-he-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-hu-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-id-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-is-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-it-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ja-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ko-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-lightning-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-lt-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-nb_NO-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-nl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-nn_NO-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-pl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-pt_BR-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-pt_PT-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ro-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ru-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-si-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sk-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sl-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sq-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-sv_SE-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-ta_LK-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-tr-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-uk-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-vi-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-zh_CN-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mozilla-thunderbird-zh_TW-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"nsinstall-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"nss-3.13.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"xulrunner-13.0-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:49:41", "description": "The Mozilla Project reports :\n\nMFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)\n\nMFSA 2012-36 Content Security Policy inline-script bypass\n\nMFSA 2012-37 Information disclosure though Windows file shares and\nshortcut files\n\nMFSA 2012-38 Use-after-free while replacing/inserting a node in a\ndocument\n\nMFSA 2012-39 NSS parsing errors with zero length items\n\nMFSA 2012-40 Buffer overflow and use-after-free issues found using\nAddress Sanitizer", "edition": 22, "published": "2012-06-06T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (bfecf7c1-af47-11e1-9580-4061862b8c22)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "modified": "2012-06-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird"], "id": "FREEBSD_PKG_BFECF7C1AF4711E195804061862B8C22.NASL", "href": "https://www.tenable.com/plugins/nessus/59381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59381);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (bfecf7c1-af47-11e1-9580-4061862b8c22)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)\n\nMFSA 2012-36 Content Security Policy inline-script bypass\n\nMFSA 2012-37 Information disclosure though Windows file shares and\nshortcut files\n\nMFSA 2012-38 Use-after-free while replacing/inserting a node in a\ndocument\n\nMFSA 2012-39 NSS parsing errors with zero length items\n\nMFSA 2012-40 Buffer overflow and use-after-free issues found using\nAddress Sanitizer\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-36.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-36/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-37.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-37/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-38.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-38/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-39.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-40.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40/\"\n );\n # https://vuxml.freebsd.org/freebsd/bfecf7c1-af47-11e1-9580-4061862b8c22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5e22f18\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>11.0,1<13.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<10.0.5,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<10.0.5,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<10.0.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird>11.0<13.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<10.0.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul>1.9.2.*<10.0.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:46:37", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938,\nCVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946,\nCVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display\ndrivers with graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nFirefox no longer blocked Firefox inline event handlers. A remote\nattacker could use this flaw to possibly bypass a web application's\nintended restrictions, if that application relied on CSP to protect\nagainst flaws such as cross-site scripting (XSS). (CVE-2012-1944)\n\nIf a web server hosted HTML files that are stored on a Microsoft\nWindows share, or a Samba share, loading such files with Firefox could\nresult in Windows shortcut files (.lnk) in the same share also being\nloaded. An attacker could use this flaw to view the contents of local\nfiles and directories on the victim's system. This issue also affected\nusers opening HTML files from Microsoft Windows shares, or Samba\nshares, that are mounted on their systems. (CVE-2012-1945)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.5 ESR.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.5 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 15, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20120605)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo", "p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:xulrunner-devel", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:xulrunner"], "id": "SL_20120605_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61322", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61322);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1940\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20120605)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938,\nCVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946,\nCVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display\ndrivers with graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nFirefox no longer blocked Firefox inline event handlers. A remote\nattacker could use this flaw to possibly bypass a web application's\nintended restrictions, if that application relied on CSP to protect\nagainst flaws such as cross-site scripting (XSS). (CVE-2012-1944)\n\nIf a web server hosted HTML files that are stored on a Microsoft\nWindows share, or a Samba share, loading such files with Firefox could\nresult in Windows shortcut files (.lnk) in the same share also being\nloaded. An attacker could use this flaw to view the contents of local\nfiles and directories on the victim's system. This issue also affected\nusers opening HTML files from Microsoft Windows shares, or Samba\nshares, that are mounted on their systems. (CVE-2012-1945)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.5 ESR.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.5 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1206&L=scientific-linux-errata&T=0&P=579\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50d6d333\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-10.0.5-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-10.0.5-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-10.0.5-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-debuginfo-10.0.5-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-10.0.5-1.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-10.0.5-1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-10.0.5-1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-10.0.5-1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-debuginfo-10.0.5-1.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-10.0.5-1.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:46:37", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938,\nCVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946,\nCVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display\ndrivers with graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nThunderbird no longer blocked Thunderbird inline event handlers.\nMalicious content could possibly bypass intended restrictions if that\ncontent relied on CSP to protect against flaws such as cross-site\nscripting (XSS). (CVE-2012-1944)\n\nIf a web server hosted content that is stored on a Microsoft Windows\nshare, or a Samba share, loading such content with Thunderbird could\nresult in Windows shortcut files (.lnk) in the same share also being\nloaded. An attacker could use this flaw to view the contents of local\nfiles and directories on the victim's system. This issue also affected\nusers opening content from Microsoft Windows shares, or Samba shares,\nthat are mounted on their systems. (CVE-2012-1945)\n\nNote: None of the issues in this advisory can be exploited by a\nspecially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. They could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.5 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 15, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120606)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120606_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61323);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1940\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120606)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938,\nCVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946,\nCVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display\ndrivers with graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nThunderbird no longer blocked Thunderbird inline event handlers.\nMalicious content could possibly bypass intended restrictions if that\ncontent relied on CSP to protect against flaws such as cross-site\nscripting (XSS). (CVE-2012-1944)\n\nIf a web server hosted content that is stored on a Microsoft Windows\nshare, or a Samba share, loading such content with Thunderbird could\nresult in Windows shortcut files (.lnk) in the same share also being\nloaded. An attacker could use this flaw to view the contents of local\nfiles and directories on the victim's system. This issue also affected\nusers opening content from Microsoft Windows shares, or Samba shares,\nthat are mounted on their systems. (CVE-2012-1945)\n\nNote: None of the issues in this advisory can be exploited by a\nspecially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. They could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.5 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1206&L=scientific-linux-errata&T=0&P=715\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66425ea1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-10.0.5-2.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-10.0.5-2.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-10.0.5-2.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-10.0.5-2.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:25:12", "description": "Changes in MozillaFirefox :\n\n - update to Firefox 13.0 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - require NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - fix sound notifications when filename/path contains a\n whitespace (bmo#749739)\n\n - fix build on arm\n\n - reenabled crashreporter for Factory/12.2 (fix in\n mozilla-gcc47.patch)\n\nChanges in MozillaThunderbird :\n\n - update to Thunderbird 13.0 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - require NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - fix build with system NSPR (mozilla-system-nspr.patch)\n\n - add dependentlibs.list for improved XRE startup\n\n - update enigmail to 1.4.2\n\n - reenabled crashreporter for Factory/12.2 (fix in\n mozilla-gcc47.patch)\n\n - update to Thunderbird 12.0.1\n\n - fix regressions\n\n - POP3 filters (bmo#748090)\n\n - Message Body not loaded when using 'Fetch Headers Only'\n (bmo#748865)\n\n - Received messages contain parts of other messages with\n movemail account (bmo#748726)\n\n - New mail notification issue (bmo#748997)\n\n - crash in nsMsgDatabase::MatchDbName (bmo#748432)\n\n - fixed build with gcc 4.7\n\nChanges in seamonkey :\n\n - update to SeaMonkey 2.10 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - requires NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - update to SeaMonkey 2.9.1\n\n - fix regressions\n\n - POP3 filters (bmo#748090)\n\n - Message Body not loaded when using 'Fetch Headers Only'\n (bmo#748865)\n\n - Received messages contain parts of other messages with\n movemail account (bmo#748726)\n\n - New mail notification issue (bmo#748997)\n\n - crash in nsMsgDatabase::MatchDbName (bmo#748432)\n\n - fixed build with gcc 4.7\n\nChanges in mozilla-nss :\n\n - update to 3.13.5 RTM\n\n - update to 3.13.4 RTM\n\n - fixed some bugs\n\n - fixed cert verification regression in PKIX mode\n (bmo#737802) introduced in 3.13.2\n\nChanges in xulrunner :\n\n - update to 13.0 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - require NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - reenabled crashreporter for Factory/12.2 (fixed in\n mozilla-gcc47.patch)", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nss / etc (openSUSE-SU-2012:0760-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:chmsee-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:chmsee", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:seamonkey", "p-cpe:/a:novell:opensuse:chmsee-debuginfo", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "id": "OPENSUSE-2012-333.NASL", "href": "https://www.tenable.com/plugins/nessus/74655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-333.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74655);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nss / etc (openSUSE-SU-2012:0760-1)\");\n script_summary(english:\"Check for the openSUSE-2012-333 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in MozillaFirefox :\n\n - update to Firefox 13.0 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - require NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - fix sound notifications when filename/path contains a\n whitespace (bmo#749739)\n\n - fix build on arm\n\n - reenabled crashreporter for Factory/12.2 (fix in\n mozilla-gcc47.patch)\n\nChanges in MozillaThunderbird :\n\n - update to Thunderbird 13.0 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - require NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - fix build with system NSPR (mozilla-system-nspr.patch)\n\n - add dependentlibs.list for improved XRE startup\n\n - update enigmail to 1.4.2\n\n - reenabled crashreporter for Factory/12.2 (fix in\n mozilla-gcc47.patch)\n\n - update to Thunderbird 12.0.1\n\n - fix regressions\n\n - POP3 filters (bmo#748090)\n\n - Message Body not loaded when using 'Fetch Headers Only'\n (bmo#748865)\n\n - Received messages contain parts of other messages with\n movemail account (bmo#748726)\n\n - New mail notification issue (bmo#748997)\n\n - crash in nsMsgDatabase::MatchDbName (bmo#748432)\n\n - fixed build with gcc 4.7\n\nChanges in seamonkey :\n\n - update to SeaMonkey 2.10 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - requires NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - update to SeaMonkey 2.9.1\n\n - fix regressions\n\n - POP3 filters (bmo#748090)\n\n - Message Body not loaded when using 'Fetch Headers Only'\n (bmo#748865)\n\n - Received messages contain parts of other messages with\n movemail account (bmo#748726)\n\n - New mail notification issue (bmo#748997)\n\n - crash in nsMsgDatabase::MatchDbName (bmo#748432)\n\n - fixed build with gcc 4.7\n\nChanges in mozilla-nss :\n\n - update to 3.13.5 RTM\n\n - update to 3.13.4 RTM\n\n - fixed some bugs\n\n - fixed cert verification regression in PKIX mode\n (bmo#737802) introduced in 3.13.2\n\nChanges in xulrunner :\n\n - update to 13.0 (bnc#765204)\n\n - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101\n Miscellaneous memory safety hazards\n\n - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security\n Policy inline-script bypass\n\n - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information\n disclosure though Windows file shares and shortcut files\n\n - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free\n while replacing/inserting a node in a document\n\n - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941\n Buffer overflow and use-after-free issues found using\n Address Sanitizer\n\n - require NSS 3.13.4\n\n - MFSA 2012-39/CVE-2012-0441 (bmo#715073)\n\n - reenabled crashreporter for Factory/12.2 (fixed in\n mozilla-gcc47.patch)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=765204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-06/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nss / etc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chmsee-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chmsee-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-13.0-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chmsee-1.99.08-2.18.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chmsee-debuginfo-1.99.08-2.18.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chmsee-debugsource-1.99.08-2.18.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.4.2+13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.4.2+13.0-33.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.10-2.21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.13.5-9.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-13.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-13.0-2.29.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaThunderbird / mozilla-nss / seamonkey / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:23:59", "description": "Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation exposed a bug in\ncertain NVIDIA graphics drivers. The impact of this issue has not been\ndisclosed at this time. (CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers were not\nbeing blocked properly by the Content Security Policy's (CSP)\ninline-script blocking feature. Web applications relying on this\nfeature of CSP to protect against cross-site scripting (XSS) were not\nfully protected. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing a specially crafted page, a remote attacker\ncould exploit this to modify the contents, or steal confidential data,\nwithin the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a Windows or\nSamba share could load Windows shortcut files (.lnk) in the same\nshare. These shortcut files could then link to arbitrary locations on\nthe local file system of the individual loading the HTML page. An\nattacker could potentially use this vulnerability to show the contents\nof these linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability while\nreplacing/inserting a node in a document. If the user were tricked\ninto opening a specially crafted page, an attacker could possibly\nexploit this to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network Security\nServices (NSS) ASN.1 decoder handles zero length items. If the user\nwere tricked into opening a specially crafted page, an attacker could\npossibly exploit this to cause a denial of service via application\ncrash. (CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one use-after-free\nvulnerabilities. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit these to cause a\ndenial of service via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2012-06-07T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1463-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1463-1.NASL", "href": "https://www.tenable.com/plugins/nessus/59394", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1463-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59394);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_bugtraq_id(53791, 53792, 53793, 53794, 53796, 53798, 53799, 53800, 53801, 53808);\n script_xref(name:\"USN\", value:\"1463-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1463-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation exposed a bug in\ncertain NVIDIA graphics drivers. The impact of this issue has not been\ndisclosed at this time. (CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers were not\nbeing blocked properly by the Content Security Policy's (CSP)\ninline-script blocking feature. Web applications relying on this\nfeature of CSP to protect against cross-site scripting (XSS) were not\nfully protected. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing a specially crafted page, a remote attacker\ncould exploit this to modify the contents, or steal confidential data,\nwithin the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a Windows or\nSamba share could load Windows shortcut files (.lnk) in the same\nshare. These shortcut files could then link to arbitrary locations on\nthe local file system of the individual loading the HTML page. An\nattacker could potentially use this vulnerability to show the contents\nof these linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability while\nreplacing/inserting a node in a document. If the user were tricked\ninto opening a specially crafted page, an attacker could possibly\nexploit this to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network Security\nServices (NSS) ASN.1 decoder handles zero length items. If the user\nwere tricked into opening a specially crafted page, an attacker could\npossibly exploit this to cause a denial of service via application\ncrash. (CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one use-after-free\nvulnerabilities. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit these to cause a\ndenial of service via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1463-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"13.0+build1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"13.0+build1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"firefox\", pkgver:\"13.0+build1-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"13.0+build1-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:23:59", "description": "USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a\nregression in the rendering of Hebrew text and the ability of the\nHotmail inbox to auto-update. This update fixes the problem.\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation\nexposed a bug in certain NVIDIA graphics drivers. The impact\nof this issue has not been disclosed at this time.\n(CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers\nwere not being blocked properly by the Content Security\nPolicy's (CSP) inline-script blocking feature. Web\napplications relying on this feature of CSP to protect\nagainst cross-site scripting (XSS) were not fully protected.\nWith cross-site scripting vulnerabilities, if a user were\ntricked into viewing a specially crafted page, a remote\nattacker could exploit this to modify the contents, or steal\nconfidential data, within the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a\nWindows or Samba share could load Windows shortcut files\n(.lnk) in the same share. These shortcut files could then\nlink to arbitrary locations on the local file system of the\nindividual loading the HTML page. An attacker could\npotentially use this vulnerability to show the contents of\nthese linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability\nwhile replacing/inserting a node in a document. If the user\nwere tricked into opening a specially crafted page, an\nattacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network\nSecurity Services (NSS) ASN.1 decoder handles zero length\nitems. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit this to\ncause a denial of service via application crash.\n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one\nuse-after-free vulnerabilities. If the user were tricked\ninto opening a specially crafted page, an attacker could\npossibly exploit these to cause a denial of service via\napplication crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2012-06-21T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox regressions (USN-1463-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1463-3.NASL", "href": "https://www.tenable.com/plugins/nessus/59640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1463-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59640);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_xref(name:\"USN\", value:\"1463-3\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox regressions (USN-1463-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a\nregression in the rendering of Hebrew text and the ability of the\nHotmail inbox to auto-update. This update fixes the problem.\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation\nexposed a bug in certain NVIDIA graphics drivers. The impact\nof this issue has not been disclosed at this time.\n(CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers\nwere not being blocked properly by the Content Security\nPolicy's (CSP) inline-script blocking feature. Web\napplications relying on this feature of CSP to protect\nagainst cross-site scripting (XSS) were not fully protected.\nWith cross-site scripting vulnerabilities, if a user were\ntricked into viewing a specially crafted page, a remote\nattacker could exploit this to modify the contents, or steal\nconfidential data, within the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a\nWindows or Samba share could load Windows shortcut files\n(.lnk) in the same share. These shortcut files could then\nlink to arbitrary locations on the local file system of the\nindividual loading the HTML page. An attacker could\npotentially use this vulnerability to show the contents of\nthese linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability\nwhile replacing/inserting a node in a document. If the user\nwere tricked into opening a specially crafted page, an\nattacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network\nSecurity Services (NSS) ASN.1 decoder handles zero length\nitems. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit this to\ncause a denial of service via application crash.\n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one\nuse-after-free vulnerabilities. If the user were tricked\ninto opening a specially crafted page, an attacker could\npossibly exploit these to cause a denial of service via\napplication crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1463-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"13.0.1+build1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"13.0.1+build1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"firefox\", pkgver:\"13.0.1+build1-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"13.0.1+build1-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:23:59", "description": "USN-1463-1 fixed vulnerabilities in Firefox. This update provides the\ncorresponding fixes for Thunderbird.\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation\nexposed a bug in certain NVIDIA graphics drivers. The impact\nof this issue has not been disclosed at this time.\n(CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers\nwere not being blocked properly by the Content Security\nPolicy's (CSP) inline-script blocking feature. Web\napplications relying on this feature of CSP to protect\nagainst cross-site scripting (XSS) were not fully protected.\nWith cross-site scripting vulnerabilities, if a user were\ntricked into viewing a specially crafted page, a remote\nattacker could exploit this to modify the contents, or steal\nconfidential data, within the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a\nWindows or Samba share could load Windows shortcut files\n(.lnk) in the same share. These shortcut files could then\nlink to arbitrary locations on the local file system of the\nindividual loading the HTML page. An attacker could\npotentially use this vulnerability to show the contents of\nthese linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability\nwhile replacing/inserting a node in a document. If the user\nwere tricked into opening a specially crafted page, an\nattacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network\nSecurity Services (NSS) ASN.1 decoder handles zero length\nitems. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit this to\ncause a denial of service via application crash.\n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one\nuse-after-free vulnerabilities. If the user were tricked\ninto opening a specially crafted page, an attacker could\npossibly exploit these to cause a denial of service via\napplication crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2012-06-22T00:00:00", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1463-4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1463-4.NASL", "href": "https://www.tenable.com/plugins/nessus/59654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1463-4. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59654);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_bugtraq_id(53540, 53791, 53792, 53793, 53794, 53796, 53798, 53799, 53800, 53801);\n script_xref(name:\"USN\", value:\"1463-4\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1463-4)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1463-1 fixed vulnerabilities in Firefox. This update provides the\ncorresponding fixes for Thunderbird.\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation\nexposed a bug in certain NVIDIA graphics drivers. The impact\nof this issue has not been disclosed at this time.\n(CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers\nwere not being blocked properly by the Content Security\nPolicy's (CSP) inline-script blocking feature. Web\napplications relying on this feature of CSP to protect\nagainst cross-site scripting (XSS) were not fully protected.\nWith cross-site scripting vulnerabilities, if a user were\ntricked into viewing a specially crafted page, a remote\nattacker could exploit this to modify the contents, or steal\nconfidential data, within the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a\nWindows or Samba share could load Windows shortcut files\n(.lnk) in the same share. These shortcut files could then\nlink to arbitrary locations on the local file system of the\nindividual loading the HTML page. An attacker could\npotentially use this vulnerability to show the contents of\nthese linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability\nwhile replacing/inserting a node in a document. If the user\nwere tricked into opening a specially crafted page, an\nattacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network\nSecurity Services (NSS) ASN.1 decoder handles zero length\nitems. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit this to\ncause a denial of service via application crash.\n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one\nuse-after-free vulnerabilities. If the user were tricked\ninto opening a specially crafted page, an attacker could\npossibly exploit these to cause a denial of service via\napplication crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1463-4/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"13.0.1+build1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"thunderbird\", pkgver:\"13.0.1+build1-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"13.0.1+build1-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:23:59", "description": "USN-1463-1 fixed vulnerabilities in Firefox. This update provides the\ncorresponding fixes for Thunderbird.\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation\nexposed a bug in certain NVIDIA graphics drivers. The impact\nof this issue has not been disclosed at this time.\n(CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers\nwere not being blocked properly by the Content Security\nPolicy's (CSP) inline-script blocking feature. Web\napplications relying on this feature of CSP to protect\nagainst cross-site scripting (XSS) were not fully protected.\nWith cross-site scripting vulnerabilities, if a user were\ntricked into viewing a specially crafted page, a remote\nattacker could exploit this to modify the contents, or steal\nconfidential data, within the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a\nWindows or Samba share could load Windows shortcut files\n(.lnk) in the same share. These shortcut files could then\nlink to arbitrary locations on the local file system of the\nindividual loading the HTML page. An attacker could\npotentially use this vulnerability to show the contents of\nthese linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability\nwhile replacing/inserting a node in a document. If the user\nwere tricked into opening a specially crafted page, an\nattacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network\nSecurity Services (NSS) ASN.1 decoder handles zero length\nitems. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit this to\ncause a denial of service via application crash.\n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one\nuse-after-free vulnerabilities. If the user were tricked\ninto opening a specially crafted page, an attacker could\npossibly exploit these to cause a denial of service via\napplication crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2012-06-27T00:00:00", "title": "Ubuntu 11.04 : thunderbird vulnerabilities (USN-1463-6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "p-cpe:/a:canonical:ubuntu_linux:thunderbird"], "id": "UBUNTU_USN-1463-6.NASL", "href": "https://www.tenable.com/plugins/nessus/59725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1463-6. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59725);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-0441\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_bugtraq_id(53791, 53793, 53794, 53796, 53798, 53799, 53800, 53801, 53808);\n script_xref(name:\"USN\", value:\"1463-6\");\n\n script_name(english:\"Ubuntu 11.04 : thunderbird vulnerabilities (USN-1463-6)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1463-1 fixed vulnerabilities in Firefox. This update provides the\ncorresponding fixes for Thunderbird.\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew\nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered\nmemory safety issues affecting Firefox. If the user were tricked into\nopening a specially crafted page, an attacker could possibly exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation\nexposed a bug in certain NVIDIA graphics drivers. The impact\nof this issue has not been disclosed at this time.\n(CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers\nwere not being blocked properly by the Content Security\nPolicy's (CSP) inline-script blocking feature. Web\napplications relying on this feature of CSP to protect\nagainst cross-site scripting (XSS) were not fully protected.\nWith cross-site scripting vulnerabilities, if a user were\ntricked into viewing a specially crafted page, a remote\nattacker could exploit this to modify the contents, or steal\nconfidential data, within the same domain. (CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a\nWindows or Samba share could load Windows shortcut files\n(.lnk) in the same share. These shortcut files could then\nlink to arbitrary locations on the local file system of the\nindividual loading the HTML page. An attacker could\npotentially use this vulnerability to show the contents of\nthese linked files or directories in an iframe, resulting in\ninformation disclosure. (CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability\nwhile replacing/inserting a node in a document. If the user\nwere tricked into opening a specially crafted page, an\nattacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network\nSecurity Services (NSS) ASN.1 decoder handles zero length\nitems. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit this to\ncause a denial of service via application crash.\n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one\nuse-after-free vulnerabilities. If the user were tricked\ninto opening a specially crafted page, an attacker could\npossibly exploit these to cause a denial of service via\napplication crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-1940,\nCVE-2012-1941, CVE-2012-1947).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1463-6/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird\", pkgver:\"13.0.1+build1-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1943"], "description": "Buffer overflows, memory corruptions, use-after-free, code executions, privilege escalations.", "edition": 1, "modified": "2012-06-13T00:00:00", "published": "2012-06-13T00:00:00", "id": "SECURITYVULNS:VULN:12410", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12410", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)\nMFSA 2012-36 Content Security Policy inline-script bypass\nMFSA 2012-37 Information disclosure though Windows file shares and shortcut files\nMFSA 2012-38 Use-after-free while replacing/inserting a node in a document\nMFSA 2012-39 NSS parsing errors with zero length items\nMFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer\n\n", "edition": 4, "modified": "2012-06-05T00:00:00", "published": "2012-06-05T00:00:00", "id": "BFECF7C1-AF47-11E1-9580-4061862B8C22", "href": "https://vuxml.freebsd.org/freebsd/bfecf7c1-af47-11e1-9580-4061862b8c22.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-02T10:57:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "Check for the Version of mozilla", "modified": "2017-12-29T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:831674", "href": "http://plugins.openvas.org/nasl.php?oid=831674", "type": "openvas", "title": "Mandriva Update for mozilla MDVSA-2012:088 (mozilla)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla MDVSA-2012:088 (mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in mozilla firefox and\n thunderbird:\n\n Heap-based buffer overflow in the utf16_to_isolatin1 function in\n Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary\n code via vectors that trigger a character-set conversion failure\n (CVE-2012-1947)\n\n Use-after-free vulnerability in the nsFrameList::FirstChild function\n in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary code\n or cause a denial of service (heap memory corruption and application\n crash) by changing the size of a container of absolutely positioned\n elements in a column (CVE-2012-1940).\n\n Heap-based buffer overflow in the\n nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla\n Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\n before 2.10 allows remote attackers to execute arbitrary code by\n resizing a window displaying absolutely positioned and relatively\n positioned elements in nested columns (CVE-2012-1941).\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mozilla on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:088\");\n script_id(831674);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:00:40 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1947\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1946\",\n \"CVE-2012-1945\", \"CVE-2012-1944\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1937\", \"CVE-2011-3101\", \"CVE-2012-0441\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:088\");\n script_name(\"Mandriva Update for mozilla MDVSA-2012:088 (mozilla)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ast\", rpm:\"firefox-ast~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_BD\", rpm:\"firefox-bn_BD~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_IN\", rpm:\"firefox-bn_IN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-br\", rpm:\"firefox-br~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bs\", rpm:\"firefox-bs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_ZA\", rpm:\"firefox-en_ZA~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_CL\", rpm:\"firefox-es_CL~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_MX\", rpm:\"firefox-es_MX~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fa\", rpm:\"firefox-fa~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gd\", rpm:\"firefox-gd~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hr\", rpm:\"firefox-hr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hy\", rpm:\"firefox-hy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kk\", rpm:\"firefox-kk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lg\", rpm:\"firefox-lg~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mai\", rpm:\"firefox-mai~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ml\", rpm:\"firefox-ml~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nso\", rpm:\"firefox-nso~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-or\", rpm:\"firefox-or~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta\", rpm:\"firefox-ta~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta_LK\", rpm:\"firefox-ta_LK~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-vi\", rpm:\"firefox-vi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zu\", rpm:\"firefox-zu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.5~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.5~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner13.0\", rpm:\"libxulrunner13.0~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner13.0\", rpm:\"lib64xulrunner13.0~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.5~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.5~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner10.0.5\", rpm:\"libxulrunner10.0.5~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner10.0.5\", rpm:\"lib64xulrunner10.0.5~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "Check for the Version of mozilla", "modified": "2018-01-01T00:00:00", "published": "2012-06-25T00:00:00", "id": "OPENVAS:831690", "href": "http://plugins.openvas.org/nasl.php?oid=831690", "type": "openvas", "title": "Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in mozilla firefox and\n thunderbird:\n\n Heap-based buffer overflow in the utf16_to_isolatin1 function in\n Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary\n code via vectors that trigger a character-set conversion failure\n (CVE-2012-1947)\n\n Use-after-free vulnerability in the nsFrameList::FirstChild function\n in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary code\n or cause a denial of service (heap memory corruption and application\n crash) by changing the size of a container of absolutely positioned\n elements in a column (CVE-2012-1940).\n\n Heap-based buffer overflow in the\n nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla\n Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\n before 2.10 allows remote attackers to execute arbitrary code by\n resizing a window displaying absolutely positioned and relatively\n positioned elements in nested columns (CVE-2012-1941).\n\n Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore\n function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before\n 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before\n 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to\n execute arbitrary code via document changes involving replacement or\n insertion of a node (CVE-2012-1946).\n\n Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,\n and SeaMonkey before 2.10 allow local users to obtain sensitive\n information via an HTML document that loads a shortcut (aka .lnk)\n file for display within an IFRAME element, as demonstrated by a\n network share implemented by (1) Microsoft Windows or (2) Samba\n (CVE-2012-1945).\n\n The Content Security Policy (CSP) implementation in Mozilla Firefox\n 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0\n through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\n before 2.10 does not block inline event handlers, which makes it\n easier for remote attackers to conduct cross-site scripting (XSS)\n attacks via a crafted HTML document (CVE-2012-1944).\n\n Multiple unspecified vulnerabilities in the browser engine ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mozilla on Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:088-1\");\n script_id(831690);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-25 09:58:08 +0530 (Mon, 25 Jun 2012)\");\n script_cve_id(\"CVE-2012-1947\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1946\",\n \"CVE-2012-1945\", \"CVE-2012-1944\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1937\", \"CVE-2011-3101\", \"CVE-2012-0441\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:088-1\");\n script_name(\"Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mozilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.5~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.5~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner10.0.5\", rpm:\"libxulrunner10.0.5~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner10.0.5\", rpm:\"lib64xulrunner10.0.5~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-06-25T00:00:00", "id": "OPENVAS:1361412562310831690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831690", "type": "openvas", "title": "Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:088-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831690\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-25 09:58:08 +0530 (Mon, 25 Jun 2012)\");\n script_cve_id(\"CVE-2012-1947\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1946\",\n \"CVE-2012-1945\", \"CVE-2012-1944\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1937\", \"CVE-2011-3101\", \"CVE-2012-0441\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:088-1\");\n script_name(\"Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mozilla'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2010\\.1\");\n script_tag(name:\"affected\", value:\"mozilla on Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Security issues were identified and fixed in mozilla firefox and\n thunderbird:\n\n Heap-based buffer overflow in the utf16_to_isolatin1 function in\n Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary\n code via vectors that trigger a character-set conversion failure\n (CVE-2012-1947)\n\n Use-after-free vulnerability in the nsFrameList::FirstChild function\n in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary code\n or cause a denial of service (heap memory corruption and application\n crash) by changing the size of a container of absolutely positioned\n elements in a column (CVE-2012-1940).\n\n Heap-based buffer overflow in the\n nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla\n Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\n before 2.10 allows remote attackers to execute arbitrary code by\n resizing a window displaying absolutely positioned and relatively\n positioned elements in nested columns (CVE-2012-1941).\n\n Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore\n function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before\n 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before\n 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to\n execute arbitrary code via document changes involving replacement or\n insertion of a node (CVE-2012-1946).\n\n Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,\n and SeaMonkey before 2.10 allow local users to obtain sensitive\n information via an HTML document that loads a shortcut (aka .lnk)\n file for display within an IFRAME element, as demonstrated by a\n network share implemented by (1) Microsoft Windows or (2) Samba\n (CVE-2012-1945).\n\n The Content Security Policy (CSP) implementation in Mozilla Firefox\n 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0\n through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\n before 2.10 does not block inline event handlers, which makes it\n easier for remote attackers to conduct cross-site scripting (XSS)\n attacks via a crafted HTML document (CVE-2012-1944).\n\n Multiple unspecified vulnerabilities in the browser engine ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.5~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.5~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner10.0.5\", rpm:\"libxulrunner10.0.5~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.9.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner10.0.5\", rpm:\"lib64xulrunner10.0.5~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~10.0.5~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310831674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831674", "type": "openvas", "title": "Mandriva Update for mozilla MDVSA-2012:088 (mozilla)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mozilla MDVSA-2012:088 (mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:088\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831674\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:00:40 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1947\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1946\",\n \"CVE-2012-1945\", \"CVE-2012-1944\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1937\", \"CVE-2011-3101\", \"CVE-2012-0441\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:088\");\n script_name(\"Mandriva Update for mozilla MDVSA-2012:088 (mozilla)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mozilla'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"mozilla on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Security issues were identified and fixed in mozilla firefox and\n thunderbird:\n\n Heap-based buffer overflow in the utf16_to_isolatin1 function in\n Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary\n code via vectors that trigger a character-set conversion failure\n (CVE-2012-1947)\n\n Use-after-free vulnerability in the nsFrameList::FirstChild function\n in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,\n Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and\n SeaMonkey before 2.10 allows remote attackers to execute arbitrary code\n or cause a denial of service (heap memory corruption and application\n crash) by changing the size of a container of absolutely positioned\n elements in a column (CVE-2012-1940).\n\n Heap-based buffer overflow in the\n nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla\n Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird\n 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey\n before 2.10 allows remote attackers to execute arbitrary code by\n resizing a window displaying absolutely positioned and relatively\n positioned elements in nested columns (CVE-2012-1941).\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ast\", rpm:\"firefox-ast~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_BD\", rpm:\"firefox-bn_BD~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn_IN\", rpm:\"firefox-bn_IN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-br\", rpm:\"firefox-br~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bs\", rpm:\"firefox-bs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_ZA\", rpm:\"firefox-en_ZA~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_CL\", rpm:\"firefox-es_CL~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_MX\", rpm:\"firefox-es_MX~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fa\", rpm:\"firefox-fa~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gd\", rpm:\"firefox-gd~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hr\", rpm:\"firefox-hr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hy\", rpm:\"firefox-hy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kk\", rpm:\"firefox-kk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lg\", rpm:\"firefox-lg~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mai\", rpm:\"firefox-mai~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ml\", rpm:\"firefox-ml~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nso\", rpm:\"firefox-nso~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-or\", rpm:\"firefox-or~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta\", rpm:\"firefox-ta~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ta_LK\", rpm:\"firefox-ta_LK~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-vi\", rpm:\"firefox-vi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zu\", rpm:\"firefox-zu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.5~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.5~0.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner13.0\", rpm:\"libxulrunner13.0~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ar\", rpm:\"mozilla-thunderbird-ar~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bn_BD\", rpm:\"mozilla-thunderbird-bn_BD~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-br\", rpm:\"mozilla-thunderbird-br~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-vi\", rpm:\"mozilla-thunderbird-enigmail-vi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et\", rpm:\"mozilla-thunderbird-et~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fy\", rpm:\"mozilla-thunderbird-fy~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ga\", rpm:\"mozilla-thunderbird-ga~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gd\", rpm:\"mozilla-thunderbird-gd~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gl\", rpm:\"mozilla-thunderbird-gl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-id\", rpm:\"mozilla-thunderbird-id~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-is\", rpm:\"mozilla-thunderbird-is~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lightning\", rpm:\"mozilla-thunderbird-lightning~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ro\", rpm:\"mozilla-thunderbird-ro~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-si\", rpm:\"mozilla-thunderbird-si~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sq\", rpm:\"mozilla-thunderbird-sq~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ta_LK\", rpm:\"mozilla-thunderbird-ta_LK~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-vi\", rpm:\"mozilla-thunderbird-vi~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.9.1~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.5~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner13.0\", rpm:\"lib64xulrunner13.0~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~13.0~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.5~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.5~0.2mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner10.0.5\", rpm:\"libxulrunner10.0.5~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.9.1~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.13.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner10.0.5\", rpm:\"lib64xulrunner10.0.5~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~10.0.5~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-06-08T00:00:00", "id": "OPENVAS:1361412562310870748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870748", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:0710-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:0710-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870748\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-08 10:11:30 +0530 (Fri, 08 Jun 2012)\");\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\",\n \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0710-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:0710-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,\n CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)\n\n Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers\n with graphics cards that have hardware acceleration enabled.\n\n It was found that the Content Security Policy (CSP) implementation in\n Firefox no longer blocked Firefox inline event handlers. A remote attacker\n could use this flaw to possibly bypass a web application's intended\n restrictions, if that application relied on CSP to protect against flaws\n such as cross-site scripting (XSS). (CVE-2012-1944)\n\n If a web server hosted HTML files that are stored on a Microsoft Windows\n share, or a Samba share, loading such files with Firefox could result in\n Windows shortcut files (.lnk) in the same share also being loaded. An\n attacker could use this flaw to view the contents of local files and\n directories on the victim's system. This issue also affected users opening\n HTML files from Microsoft Windows shares, or Samba shares, that are mounted\n on their systems. (CVE-2012-1945)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Ken Russell of Google as the original reporter of\n CVE-2011-3101, Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\n as the original reporters of CVE-2012-1937, Jesse Ruderman, Igor Bukanov,\n Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\n original reporters of CVE-2012-1938, Christian Holler as the original\n reporter of CVE-2012-1939, security researcher Abhishek Arya of Google as\n the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947,\n security researcher Arthur Gerkis as the original reporter of\n CVE-2012-1946, security researcher Adam Barth as the original reporter of\n CVE-2012-1944, and security researcher Paul Stone as the orig ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "Oracle Linux Local Security Checks ELSA-2012-0710", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123912", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123912", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0710", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0710.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123912\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0710\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0710 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0710\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0710.html\");\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.5~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.5~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-11T11:06:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "Check for the Version of firefox", "modified": "2018-01-09T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881109", "href": "http://plugins.openvas.org/nasl.php?oid=881109", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:0710 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:0710 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,\n CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)\n \n Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers\n with graphics cards that have hardware acceleration enabled.\n \n It was found that the Content Security Policy (CSP) implementation in\n Firefox no longer blocked Firefox inline event handlers. A remote attacker\n could use this flaw to possibly bypass a web application's intended\n restrictions, if that application relied on CSP to protect against flaws\n such as cross-site scripting (XSS). (CVE-2012-1944)\n \n If a web server hosted HTML files that are stored on a Microsoft Windows\n share, or a Samba share, loading such files with Firefox could result in\n Windows shortcut files (.lnk) in the same share also being loaded. An\n attacker could use this flaw to view the contents of local files and\n directories on the victim's system. This issue also affected users opening\n HTML files from Microsoft Windows shares, or Samba shares, that are mounted\n on their systems. (CVE-2012-1945)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Ken Russell of Google as the original reporter of\n CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\n as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\n Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\n original reporters of CVE-2012-1938; Christian Holler as the original\n reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\n the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\n security researcher Arthur Gerkis as the original reporter of\n CVE-2012-1946; security researcher Adam Barth as the original reporter of\n CVE-2012-1944; and security researcher Paul Stone as the original reporter\n of CVE-2012-1945.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.5 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-June/018669.html\");\n script_id(881109);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:09:25 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\",\n \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0710\");\n script_name(\"CentOS Update for firefox CESA-2012:0710 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.5~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881109", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:0710 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:0710 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-June/018669.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881109\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:09:25 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\",\n \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0710\");\n script_name(\"CentOS Update for firefox CESA-2012:0710 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,\n CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)\n\n Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers\n with graphics cards that have hardware acceleration enabled.\n\n It was found that the Content Security Policy (CSP) implementation in\n Firefox no longer blocked Firefox inline event handlers. A remote attacker\n could use this flaw to possibly bypass a web application's intended\n restrictions, if that application relied on CSP to protect against flaws\n such as cross-site scripting (XSS). (CVE-2012-1944)\n\n If a web server hosted HTML files that are stored on a Microsoft Windows\n share, or a Samba share, loading such files with Firefox could result in\n Windows shortcut files (.lnk) in the same share also being loaded. An\n attacker could use this flaw to view the contents of local files and\n directories on the victim's system. This issue also affected users opening\n HTML files from Microsoft Windows shares, or Samba shares, that are mounted\n on their systems. (CVE-2012-1945)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Ken Russell of Google as the original reporter of\n CVE-2011-3101, Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\n as the original reporters of CVE-2012-1937, Jesse Ruderman, Igor Bukanov,\n Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\n original reporters of CVE-2012-1938, Christian Holler as the original\n reporter of CVE-2012-1939, security researcher Abhishek Arya of Google as\n the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947,\n security researcher Arthur Gerkis as the original reporter of\n CVE-2012-1946, security researcher Adam Barth as the original reporter of\n CVE-2012-1944, and security researcher Paul Stone as the original reporter\n of CVE-2012-1945.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.5 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.5~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:58:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "Check for the Version of firefox", "modified": "2018-01-03T00:00:00", "published": "2012-06-08T00:00:00", "id": "OPENVAS:870748", "href": "http://plugins.openvas.org/nasl.php?oid=870748", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:0710-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:0710-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,\n CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)\n\n Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers\n with graphics cards that have hardware acceleration enabled.\n\n It was found that the Content Security Policy (CSP) implementation in\n Firefox no longer blocked Firefox inline event handlers. A remote attacker\n could use this flaw to possibly bypass a web application's intended\n restrictions, if that application relied on CSP to protect against flaws\n such as cross-site scripting (XSS). (CVE-2012-1944)\n\n If a web server hosted HTML files that are stored on a Microsoft Windows\n share, or a Samba share, loading such files with Firefox could result in\n Windows shortcut files (.lnk) in the same share also being loaded. An\n attacker could use this flaw to view the contents of local files and\n directories on the victim's system. This issue also affected users opening\n HTML files from Microsoft Windows shares, or Samba shares, that are mounted\n on their systems. (CVE-2012-1945)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Ken Russell of Google as the original reporter of\n CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\n as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\n Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\n original reporters of CVE-2012-1938; Christian Holler as the original\n reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\n the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\n security researcher Arthur Gerkis as the original reporter of\n CVE-2012-1946; security researcher Adam Barth as the original reporter of\n CVE-2012-1944; and security researcher Paul Stone as the orig ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00001.html\");\n script_id(870748);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-08 10:11:30 +0530 (Fri, 08 Jun 2012)\");\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\",\n \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0710-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:0710-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.5~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.5~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:06:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "Check for the Version of firefox", "modified": "2018-01-10T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881200", "href": "http://plugins.openvas.org/nasl.php?oid=881200", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:0710 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:0710 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,\n CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)\n \n Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers\n with graphics cards that have hardware acceleration enabled.\n \n It was found that the Content Security Policy (CSP) implementation in\n Firefox no longer blocked Firefox inline event handlers. A remote attacker\n could use this flaw to possibly bypass a web application's intended\n restrictions, if that application relied on CSP to protect against flaws\n such as cross-site scripting (XSS). (CVE-2012-1944)\n \n If a web server hosted HTML files that are stored on a Microsoft Windows\n share, or a Samba share, loading such files with Firefox could result in\n Windows shortcut files (.lnk) in the same share also being loaded. An\n attacker could use this flaw to view the contents of local files and\n directories on the victim's system. This issue also affected users opening\n HTML files from Microsoft Windows shares, or Samba shares, that are mounted\n on their systems. (CVE-2012-1945)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Ken Russell of Google as the original reporter of\n CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\n as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\n Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\n original reporters of CVE-2012-1938; Christian Holler as the original\n reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\n the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\n security researcher Arthur Gerkis as the original reporter of\n CVE-2012-1946; security researcher Adam Barth as the original reporter of\n CVE-2012-1944; and security researcher Paul Stone as the original reporter\n of CVE-2012-1945.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.5 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\";\n\ntag_affected = \"firefox on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-June/018668.html\");\n script_id(881200);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:41:12 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3101\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\",\n \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1944\", \"CVE-2012-1945\",\n \"CVE-2012-1946\", \"CVE-2012-1947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0710\");\n script_name(\"CentOS Update for firefox CESA-2012:0710 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.5~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.5~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.5~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "firefox:\n[10.0.5-1.0.1.el6_2]\n- Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js\n[10.0.5-1]\n- Update to 10.0.5 ESR\nxulrunner:\n[10.0.5-1.0.1.el6_2]\n- Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n[10.0.5-1]\n- Update to 10.0.5 ESR\n[10.0.4-2]\n- Added patch for mozbz#703633", "edition": 4, "modified": "2012-06-05T00:00:00", "published": "2012-06-05T00:00:00", "id": "ELSA-2012-0710", "href": "http://linux.oracle.com/errata/ELSA-2012-0710.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1947", "CVE-2012-1937"], "description": "[10.0.5-2.0.1.el6_2]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[10.0.5-2]\n- Update to 10.0.5 ESR", "edition": 4, "modified": "2012-06-06T00:00:00", "published": "2012-06-06T00:00:00", "id": "ELSA-2012-0715", "href": "http://linux.oracle.com/errata/ELSA-2012-0715.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:42:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "USN-1463-1 fixed vulnerabilities in Firefox. This update provides the \ncorresponding fixes for Thunderbird.\n\nOriginal advisory details:\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew \nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory \nsafety issues affecting Firefox. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit these to cause a \ndenial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation exposed a bug in \ncertain NVIDIA graphics drivers. The impact of this issue has not been \ndisclosed at this time. (CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers were not being \nblocked properly by the Content Security Policy's (CSP) inline-script \nblocking feature. Web applications relying on this feature of CSP to \nprotect against cross-site scripting (XSS) were not fully protected. With \ncross-site scripting vulnerabilities, if a user were tricked into viewing a \nspecially crafted page, a remote attacker could exploit this to modify the \ncontents, or steal confidential data, within the same domain. \n(CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a Windows or Samba \nshare could load Windows shortcut files (.lnk) in the same share. These \nshortcut files could then link to arbitrary locations on the local file \nsystem of the individual loading the HTML page. An attacker could \npotentially use this vulnerability to show the contents of these linked \nfiles or directories in an iframe, resulting in information disclosure. \n(CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability while \nreplacing/inserting a node in a document. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network Security \nServices (NSS) ASN.1 decoder handles zero length items. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to cause a denial of service via application crash. \n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one use-after-free \nvulnerabilities. If the user were tricked into opening a specially crafted \npage, an attacker could possibly exploit these to cause a denial of service \nvia application crash, or potentially execute code with the privileges of \nthe user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)", "edition": 5, "modified": "2012-06-27T00:00:00", "published": "2012-06-27T00:00:00", "id": "USN-1463-6", "href": "https://ubuntu.com/security/notices/USN-1463-6", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "USN-1463-1 fixed vulnerabilities in Firefox. This update provides the \ncorresponding fixes for Thunderbird.\n\nOriginal advisory details:\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew \nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory \nsafety issues affecting Firefox. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit these to cause a \ndenial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation exposed a bug in \ncertain NVIDIA graphics drivers. The impact of this issue has not been \ndisclosed at this time. (CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers were not being \nblocked properly by the Content Security Policy's (CSP) inline-script \nblocking feature. Web applications relying on this feature of CSP to \nprotect against cross-site scripting (XSS) were not fully protected. With \ncross-site scripting vulnerabilities, if a user were tricked into viewing a \nspecially crafted page, a remote attacker could exploit this to modify the \ncontents, or steal confidential data, within the same domain. \n(CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a Windows or Samba \nshare could load Windows shortcut files (.lnk) in the same share. These \nshortcut files could then link to arbitrary locations on the local file \nsystem of the individual loading the HTML page. An attacker could \npotentially use this vulnerability to show the contents of these linked \nfiles or directories in an iframe, resulting in information disclosure. \n(CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability while \nreplacing/inserting a node in a document. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network Security \nServices (NSS) ASN.1 decoder handles zero length items. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to cause a denial of service via application crash. \n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one use-after-free \nvulnerabilities. If the user were tricked into opening a specially crafted \npage, an attacker could possibly exploit these to cause a denial of service \nvia application crash, or potentially execute code with the privileges of \nthe user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)", "edition": 5, "modified": "2012-06-22T00:00:00", "published": "2012-06-22T00:00:00", "id": "USN-1463-4", "href": "https://ubuntu.com/security/notices/USN-1463-4", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a \nregression in the rendering of Hebrew text and the ability of the Hotmail \ninbox to auto-update. This update fixes the problem.\n\nOriginal advisory details:\n\nJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew \nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory \nsafety issues affecting Firefox. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit these to cause a \ndenial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation exposed a bug in \ncertain NVIDIA graphics drivers. The impact of this issue has not been \ndisclosed at this time. (CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers were not being \nblocked properly by the Content Security Policy's (CSP) inline-script \nblocking feature. Web applications relying on this feature of CSP to \nprotect against cross-site scripting (XSS) were not fully protected. With \ncross-site scripting vulnerabilities, if a user were tricked into viewing a \nspecially crafted page, a remote attacker could exploit this to modify the \ncontents, or steal confidential data, within the same domain. \n(CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a Windows or Samba \nshare could load Windows shortcut files (.lnk) in the same share. These \nshortcut files could then link to arbitrary locations on the local file \nsystem of the individual loading the HTML page. An attacker could \npotentially use this vulnerability to show the contents of these linked \nfiles or directories in an iframe, resulting in information disclosure. \n(CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability while \nreplacing/inserting a node in a document. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network Security \nServices (NSS) ASN.1 decoder handles zero length items. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to cause a denial of service via application crash. \n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one use-after-free \nvulnerabilities. If the user were tricked into opening a specially crafted \npage, an attacker could possibly exploit these to cause a denial of service \nvia application crash, or potentially execute code with the privileges of \nthe user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)", "edition": 5, "modified": "2012-06-20T00:00:00", "published": "2012-06-20T00:00:00", "id": "USN-1463-3", "href": "https://ubuntu.com/security/notices/USN-1463-3", "title": "Firefox regressions", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937"], "description": "Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew \nMcCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory \nsafety issues affecting Firefox. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit these to cause a \ndenial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938)\n\nIt was discovered that Mozilla's WebGL implementation exposed a bug in \ncertain NVIDIA graphics drivers. The impact of this issue has not been \ndisclosed at this time. (CVE-2011-3101)\n\nAdam Barth discovered that certain inline event handlers were not being \nblocked properly by the Content Security Policy's (CSP) inline-script \nblocking feature. Web applications relying on this feature of CSP to \nprotect against cross-site scripting (XSS) were not fully protected. With \ncross-site scripting vulnerabilities, if a user were tricked into viewing a \nspecially crafted page, a remote attacker could exploit this to modify the \ncontents or steal confidential data within the same domain. \n(CVE-2012-1944)\n\nPaul Stone discovered that a viewed HTML page hosted on a Windows or Samba \nshare could load Windows shortcut files (.lnk) in the same share. These \nshortcut files could then link to arbitrary locations on the local file \nsystem of the individual loading the HTML page. An attacker could \npotentially use this vulnerability to show the contents of these linked \nfiles or directories in an iframe, resulting in information disclosure. \n(CVE-2012-1945)\n\nArthur Gerkis discovered a use-after-free vulnerability while \nreplacing/inserting a node in a document. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-1946)\n\nKaspar Brand discovered a vulnerability in how the Network Security \nServices (NSS) ASN.1 decoder handles zero length items. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to cause a denial of service via application crash. \n(CVE-2012-0441)\n\nAbhishek Arya discovered two buffer overflow and one use-after-free \nvulnerabilities. If the user were tricked into opening a specially crafted \npage, an attacker could possibly exploit these to cause a denial of service \nvia application crash, or potentially execute code with the privileges of \nthe user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)", "edition": 5, "modified": "2012-06-06T00:00:00", "published": "2012-06-06T00:00:00", "id": "USN-1463-1", "href": "https://ubuntu.com/security/notices/USN-1463-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-3105", "CVE-2012-1947", "CVE-2012-1937"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0715\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2011-3101,\nCVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941,\nCVE-2012-1946, CVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display drivers\nwith graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nThunderbird no longer blocked Thunderbird inline event handlers. Malicious\ncontent could possibly bypass intended restrictions if that content relied\non CSP to protect against flaws such as cross-site scripting (XSS).\n(CVE-2012-1944)\n\nIf a web server hosted content that is stored on a Microsoft Windows share,\nor a Samba share, loading such content with Thunderbird could result in\nWindows shortcut files (.lnk) in the same share also being loaded. An\nattacker could use this flaw to view the contents of local files and\ndirectories on the victim's system. This issue also affected users opening\ncontent from Microsoft Windows shares, or Samba shares, that are mounted\non their systems. (CVE-2012-1945)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ken Russell of Google as the original reporter of\nCVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\nas the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\nBill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\noriginal reporters of CVE-2012-1938; Christian Holler as the original\nreporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\nthe original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\nsecurity researcher Arthur Gerkis as the original reporter of\nCVE-2012-1946; security researcher Adam Barth as the original reporter of\nCVE-2012-1944; and security researcher Paul Stone as the original reporter\nof CVE-2012-1945.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.5 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030709.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030710.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0715.html", "edition": 5, "modified": "2012-06-07T12:44:35", "published": "2012-06-07T09:01:37", "href": "http://lists.centos.org/pipermail/centos-announce/2012-June/030709.html", "id": "CESA-2012:0715", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-3105", "CVE-2012-1947", "CVE-2012-1937"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0710\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,\nCVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display drivers\nwith graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nFirefox no longer blocked Firefox inline event handlers. A remote attacker\ncould use this flaw to possibly bypass a web application's intended\nrestrictions, if that application relied on CSP to protect against flaws\nsuch as cross-site scripting (XSS). (CVE-2012-1944)\n\nIf a web server hosted HTML files that are stored on a Microsoft Windows\nshare, or a Samba share, loading such files with Firefox could result in\nWindows shortcut files (.lnk) in the same share also being loaded. An\nattacker could use this flaw to view the contents of local files and\ndirectories on the victim's system. This issue also affected users opening\nHTML files from Microsoft Windows shares, or Samba shares, that are mounted\non their systems. (CVE-2012-1945)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ken Russell of Google as the original reporter of\nCVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\nas the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\nBill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\noriginal reporters of CVE-2012-1938; Christian Holler as the original\nreporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\nthe original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\nsecurity researcher Arthur Gerkis as the original reporter of\nCVE-2012-1946; security researcher Adam Barth as the original reporter of\nCVE-2012-1944; and security researcher Paul Stone as the original reporter\nof CVE-2012-1945.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 10.0.5 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030706.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030707.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0710.html", "edition": 5, "modified": "2012-06-06T14:01:28", "published": "2012-06-06T13:06:53", "href": "http://lists.centos.org/pipermail/centos-announce/2012-June/030706.html", "id": "CESA-2012:0710", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:31:42", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3101", "CVE-2012-1937", "CVE-2012-1938", "CVE-2012-1939", "CVE-2012-1940", "CVE-2012-1941", "CVE-2012-1944", "CVE-2012-1945", "CVE-2012-1946", "CVE-2012-1947", "CVE-2012-3105"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,\nCVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display drivers\nwith graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nFirefox no longer blocked Firefox inline event handlers. A remote attacker\ncould use this flaw to possibly bypass a web application's intended\nrestrictions, if that application relied on CSP to protect against flaws\nsuch as cross-site scripting (XSS). (CVE-2012-1944)\n\nIf a web server hosted HTML files that are stored on a Microsoft Windows\nshare, or a Samba share, loading such files with Firefox could result in\nWindows shortcut files (.lnk) in the same share also being loaded. An\nattacker could use this flaw to view the contents of local files and\ndirectories on the victim's system. This issue also affected users opening\nHTML files from Microsoft Windows shares, or Samba shares, that are mounted\non their systems. (CVE-2012-1945)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ken Russell of Google as the original reporter of\nCVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\nas the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\nBill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\noriginal reporters of CVE-2012-1938; Christian Holler as the original\nreporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\nthe original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\nsecurity researcher Arthur Gerkis as the original reporter of\nCVE-2012-1946; security researcher Adam Barth as the original reporter of\nCVE-2012-1944; and security researcher Paul Stone as the original reporter\nof CVE-2012-1945.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 10.0.5 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:05", "published": "2012-06-05T04:00:00", "id": "RHSA-2012:0710", "href": "https://access.redhat.com/errata/RHSA-2012:0710", "type": "redhat", "title": "(RHSA-2012:0710) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3101", "CVE-2012-1937", "CVE-2012-1938", "CVE-2012-1939", "CVE-2012-1940", "CVE-2012-1941", "CVE-2012-1944", "CVE-2012-1945", "CVE-2012-1946", "CVE-2012-1947", "CVE-2012-3105"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2011-3101,\nCVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941,\nCVE-2012-1946, CVE-2012-1947)\n\nNote: CVE-2011-3101 only affected users of certain NVIDIA display drivers\nwith graphics cards that have hardware acceleration enabled.\n\nIt was found that the Content Security Policy (CSP) implementation in\nThunderbird no longer blocked Thunderbird inline event handlers. Malicious\ncontent could possibly bypass intended restrictions if that content relied\non CSP to protect against flaws such as cross-site scripting (XSS).\n(CVE-2012-1944)\n\nIf a web server hosted content that is stored on a Microsoft Windows share,\nor a Samba share, loading such content with Thunderbird could result in\nWindows shortcut files (.lnk) in the same share also being loaded. An\nattacker could use this flaw to view the contents of local files and\ndirectories on the victim's system. This issue also affected users opening\ncontent from Microsoft Windows shares, or Samba shares, that are mounted\non their systems. (CVE-2012-1945)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ken Russell of Google as the original reporter of\nCVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman\nas the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,\nBill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the\noriginal reporters of CVE-2012-1938; Christian Holler as the original\nreporter of CVE-2012-1939; security researcher Abhishek Arya of Google as\nthe original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;\nsecurity researcher Arthur Gerkis as the original reporter of\nCVE-2012-1946; security researcher Adam Barth as the original reporter of\nCVE-2012-1944; and security researcher Paul Stone as the original reporter\nof CVE-2012-1945.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.5 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "modified": "2018-06-06T20:24:18", "published": "2012-06-06T04:00:00", "id": "RHSA-2012:0715", "href": "https://access.redhat.com/errata/RHSA-2012:0715", "type": "redhat", "title": "(RHSA-2012:0715) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T05:51:05", "description": "Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.", "edition": 6, "cvss3": {}, "published": "2012-05-16T00:55:00", "title": "CVE-2011-3101", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3101"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:google:chrome:19.0.1084.45"], "id": "CVE-2011-3101", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3101", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:google:chrome:19.0.1084.45:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.", "edition": 4, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1942", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1942"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:thunderbird:12.0"], "id": "CVE-2012-1942", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1942", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.", "edition": 4, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1939", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1939"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:firefox_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird_esr:10.0.1"], "id": "CVE-2012-1939", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1939", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.", "edition": 6, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1941", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1941"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox_esr:10.0.4", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-1941", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1941", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.", "edition": 6, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1946", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1946"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox_esr:10.0.4", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-1946", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1946", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.", "edition": 6, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1940", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1940"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox_esr:10.0.4", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-1940", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1940", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:44", "description": "The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.", "edition": 6, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-0441", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0441"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox_esr:10.0.4", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:network_security_services:3.4.2", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:network_security_services:3.6.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:network_security_services:3.7.7", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:network_security_services:3.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:network_security_services:3.12.2", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:network_security_services:3.7.3", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:network_security_services:3.8", "cpe:/a:mozilla:network_security_services:3.12", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:network_security_services:3.2.1", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:network_security_services:3.2", "cpe:/a:mozilla:network_security_services:3.7.5", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:network_security_services:3.7.2", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:network_security_services:3.11.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:network_security_services:3.11.3", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:network_security_services:3.9", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:network_security_services:3.12.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:network_security_services:3.3.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:network_security_services:3.12.3", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:network_security_services:3.6", "cpe:/a:mozilla:network_security_services:3.7.1", "cpe:/a:mozilla:network_security_services:3.4.1", "cpe:/a:mozilla:network_security_services:3.3.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:network_security_services:3.11.5", "cpe:/a:mozilla:network_security_services:3.4", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:network_security_services:3.11.4", "cpe:/a:mozilla:network_security_services:3.5", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:network_security_services:3.7", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0441", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1937", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1937"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox_esr:10.0.4", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-1937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1937", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.", "edition": 6, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1947", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1947"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox_esr:10.0.4", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-1947", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1947", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:48", "description": "Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.\nhttp://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "edition": 4, "cvss3": {}, "published": "2012-06-05T23:55:00", "title": "CVE-2012-1943", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1943"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:thunderbird:12.0"], "id": "CVE-2012-1943", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1943", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*"]}], "mozilla": [{"lastseen": "2016-09-05T13:37:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-1940", "CVE-2012-1941", "CVE-2012-1947"], "edition": 1, "description": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "modified": "2012-06-05T00:00:00", "published": "2012-06-05T00:00:00", "id": "MFSA2012-40", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-40/", "type": "mozilla", "title": "Buffer overflow and use-after-free issues found using Address Sanitizer", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:17:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1940", "CVE-2012-1939", "CVE-2012-1937"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2499-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJune 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1937 CVE-2012-1939 CVE-2012-1940\n\nSeveral vulnerabilities have been discovered in icedove, the Debian\nversion of the Mozilla Thunderbird mail/news client. There were\nmiscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and\na use-after-free issues (CVE-2012-1940).\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 3.0.11-1+squeeze11.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-06-24T11:34:30", "published": "2012-06-24T11:34:30", "id": "DEBIAN:DSA-2499-1:C79EB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00138.html", "title": "[SECURITY] [DSA 2499-1] icedove security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:30", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1940", "CVE-2012-1947", "CVE-2012-1937"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2489-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJune 7, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2012-1937 CVE-2012-1940 CVE-2012-1947\n\nSeveral vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of Seamonkey.\n\nCVE-2012-1937\n\n Mozilla developers discovered several memory corruption bugs,\n which may lead to the execution of arbitrary code.\n\nCVE-2012-1940\n\n Abhishek Arya discovered a use-after-free problem when working\n with column layout with absolute positioning in a container that\n changes size, which may lead to the execution of arbitrary code.\n\nCVE-2012-1947\n\n Abhishek Arya discovered a heap buffer overflow in utf16 to latin1\n character set conersion, allowing to execute arbitray code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-13.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem will be fixed soon.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2012-06-07T20:59:42", "published": "2012-06-07T20:59:42", "id": "DEBIAN:DSA-2489-1:91C90", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00128.html", "title": "[SECURITY] [DSA 2489-1] iceape security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:17:06", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1940", "CVE-2012-1947", "CVE-2012-1937"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2488-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJune 7, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2012-1937 CVE-2012-1940 CVE-2012-1947\n\nSeveral vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. The included XULRunner library provides\nrendering services for several other applications included in Debian.\n\nCVE-2012-1937\n\n Mozilla developers discovered several memory corruption bugs,\n which may lead to the execution of arbitrary code.\n\nCVE-2012-1940\n\n Abhishek Arya discovered a use-after-free problem when working\n with column layout with absolute positioning in a container that\n changes size, which may lead to the execution of arbitrary code.\n\nCVE-2012-1947\n\n Abhishek Arya discovered a heap buffer overflow in utf16 to latin1\n character set conersion, allowing to execute arbitray code.\n\n\nNote: We'd like to advise users of Iceweasel's 3.5 branch in Debian\nstable to consider to upgrade to the Iceweasel 10.0 ESR (Extended\nSupport Release) which is now availble in Debian Backports.\nAlthough Debian will continue to support Iceweasel 3.5 in stable with\nsecurity updates, this can only be done on a best effort base as\nupstream provides no such support anymore. On top of that, the 10.0\nbranch adds proactive security features to the browser.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-16.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 10.0.5esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-06-07T21:00:03", "published": "2012-06-07T21:00:03", "id": "DEBIAN:DSA-2488-1:66B15", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00130.html", "title": "[SECURITY] [DSA 2488-1] iceweasel security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}