Search...

Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)

2011-06-13T00:00:00

ID UBUNTU_USN-1121-1.NASL
Type nessus
Reporter Tenable
Modified 2018-12-01T00:00:00

Description

Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)

It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0081)

It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)

Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)

Chris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1121-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# &lt;http://www.ubuntu.com/usn/&gt;. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55079);
  script_version("1.9");
  script_cvs_date("Date: 2018/12/01 13:19:06");

  script_cve_id("CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-1202");
  script_xref(name:"USN", value:"1121-1");

  script_name(english:"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted
Mielczarek discovered multiple memory vulnerabilities. An attacker
could exploit these to possibly run arbitrary code as the user running
Firefox. (CVE-2011-0079)

It was discovered that there was a vulnerability in the memory
handling of certain types of content. An attacker could exploit this
to possibly run arbitrary code as the user running Firefox.
(CVE-2011-0081)

It was discovered that Firefox incorrectly handled certain JavaScript
requests. An attacker could exploit this to possibly run arbitrary
code as the user running Firefox. (CVE-2011-0069)

Ian Beer discovered a vulnerability in the memory handling of a
certain types of documents. An attacker could exploit this to possibly
run arbitrary code as the user running Firefox. (CVE-2011-0070)

Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()
function. An attacker could possibly use this vulnerability to make
other attacks more reliable. (CVE-2011-1202).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1121-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/04/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"11.04", pkgname:"firefox", pkgver:"4.0.1+build1+nobinonly-0ubuntu0.11.04.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}

JSON Vulners Source

Initial Source

{"id": "UBUNTU_USN-1121-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)", "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2011-06-13T00:00:00", "modified": "2018-12-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55079", "reporter": "Tenable", "references": ["https://usn.ubuntu.com/1121-1/"], "cvelist": ["CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0070"], "type": "nessus", "lastseen": "2019-01-16T20:12:14", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04"], "cvelist": ["CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0070"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "e0da402de79a7d6b226b6762428f93e624e19b462c888391bb6c7d4e71d4ff5c", "hashmap": [{"hash": "b0a397f141671597a37360a5d26afe6a", "key": "title"}, {"hash": "59e03ecff29206653ec659ef4a59dd46", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d3f952747fdbe3d04ecf90aa87daaa2", "key": "pluginID"}, {"hash": "0c521a03b3c95a121239238d19d73c91", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "0075fb7b3a7bd5c2ce2662e710a1f0ec", "key": "description"}, {"hash": "48fd31fa33a883748133861e9e61bc0e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5f9e526f94b59bbc9026f5b07b6ef78", "key": "modified"}, {"hash": "2e24c1ca2ade180540cc0adf637e9b7f", "key": "cpe"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "cfe2302920fab54db679548d41500c5e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55079", "id": "UBUNTU_USN-1121-1.NASL", "lastseen": "2018-09-01T23:51:37", "modified": "2016-05-27T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "55079", "published": "2011-06-13T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55079);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/27 14:13:23 $\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1121-1\");\n\n script_name(english:\"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2016 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:51:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04"], "cvelist": ["CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0070"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "ab4c2cb38154af41de5c0c261d1c5ce7097d5115d9101cd858ca3774f59adf7d", "hashmap": [{"hash": "b0a397f141671597a37360a5d26afe6a", "key": "title"}, {"hash": "59e03ecff29206653ec659ef4a59dd46", "key": "published"}, {"hash": "0223d080d57cee30bdbc2cacbdbaee4e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d3f952747fdbe3d04ecf90aa87daaa2", "key": "pluginID"}, {"hash": "0c521a03b3c95a121239238d19d73c91", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "0075fb7b3a7bd5c2ce2662e710a1f0ec", "key": "description"}, {"hash": "48fd31fa33a883748133861e9e61bc0e", "key": "cvelist"}, {"hash": "0b7bc3d628637c0ff555114c533a3dda", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b7a6b6192424dd7d48c80ecf53d4dcc", "key": "references"}, {"hash": "2e24c1ca2ade180540cc0adf637e9b7f", "key": "cpe"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55079", "id": "UBUNTU_USN-1121-1.NASL", "lastseen": "2018-12-02T15:35:27", "modified": "2018-12-01T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "55079", "published": "2011-06-13T00:00:00", "references": ["https://usn.ubuntu.com/1121-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55079);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1121-1\");\n\n script_name(english:\"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1121-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-12-02T15:35:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04"], "cvelist": ["CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0070"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1c91d176f970500318785d0e46604e8c06a3a74112478ea3976236d640feedab", "hashmap": [{"hash": "b0a397f141671597a37360a5d26afe6a", "key": "title"}, {"hash": "59e03ecff29206653ec659ef4a59dd46", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d3f952747fdbe3d04ecf90aa87daaa2", "key": "pluginID"}, {"hash": "0c521a03b3c95a121239238d19d73c91", "key": "href"}, {"hash": "0075fb7b3a7bd5c2ce2662e710a1f0ec", "key": "description"}, {"hash": "48fd31fa33a883748133861e9e61bc0e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5f9e526f94b59bbc9026f5b07b6ef78", "key": "modified"}, {"hash": "2e24c1ca2ade180540cc0adf637e9b7f", "key": "cpe"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "cfe2302920fab54db679548d41500c5e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55079", "id": "UBUNTU_USN-1121-1.NASL", "lastseen": "2018-08-30T19:45:58", "modified": "2016-05-27T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "55079", "published": "2011-06-13T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55079);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/27 14:13:23 $\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1121-1\");\n\n script_name(english:\"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2016 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:45:58"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04"], "cvelist": ["CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0070"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "e0da402de79a7d6b226b6762428f93e624e19b462c888391bb6c7d4e71d4ff5c", "hashmap": [{"hash": "b0a397f141671597a37360a5d26afe6a", "key": "title"}, {"hash": "59e03ecff29206653ec659ef4a59dd46", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d3f952747fdbe3d04ecf90aa87daaa2", "key": "pluginID"}, {"hash": "0c521a03b3c95a121239238d19d73c91", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "0075fb7b3a7bd5c2ce2662e710a1f0ec", "key": "description"}, {"hash": "48fd31fa33a883748133861e9e61bc0e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5f9e526f94b59bbc9026f5b07b6ef78", "key": "modified"}, {"hash": "2e24c1ca2ade180540cc0adf637e9b7f", "key": "cpe"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "cfe2302920fab54db679548d41500c5e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55079", "id": "UBUNTU_USN-1121-1.NASL", "lastseen": "2017-10-29T13:39:51", "modified": "2016-05-27T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "55079", "published": "2011-06-13T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55079);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/27 14:13:23 $\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1121-1\");\n\n script_name(english:\"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2016 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:39:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-1202", "CVE-2011-0079", "CVE-2011-0081", "CVE-2011-0069", "CVE-2011-0070"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "eece81927ecaa71a4e1551291fa82c89844363e63b345d399770b4a20e5dd174", "hashmap": [{"hash": "b0a397f141671597a37360a5d26afe6a", "key": "title"}, {"hash": "59e03ecff29206653ec659ef4a59dd46", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d3f952747fdbe3d04ecf90aa87daaa2", "key": "pluginID"}, {"hash": "0c521a03b3c95a121239238d19d73c91", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "0075fb7b3a7bd5c2ce2662e710a1f0ec", "key": "description"}, {"hash": "48fd31fa33a883748133861e9e61bc0e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5f9e526f94b59bbc9026f5b07b6ef78", "key": "modified"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "cfe2302920fab54db679548d41500c5e", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55079", "id": "UBUNTU_USN-1121-1.NASL", "lastseen": "2016-09-26T17:25:06", "modified": "2016-05-27T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.2", "pluginID": "55079", "published": "2011-06-13T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55079);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/27 14:13:23 $\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1121-1\");\n\n script_name(english:\"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2016 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:06"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2e24c1ca2ade180540cc0adf637e9b7f"}, {"key": "cvelist", "hash": "48fd31fa33a883748133861e9e61bc0e"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "af3654b8d1b53921a083f487c89a3cbc"}, {"key": "href", "hash": "0c521a03b3c95a121239238d19d73c91"}, {"key": "modified", "hash": "0b7bc3d628637c0ff555114c533a3dda"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "2d3f952747fdbe3d04ecf90aa87daaa2"}, {"key": "published", "hash": "59e03ecff29206653ec659ef4a59dd46"}, {"key": "references", "hash": "5b7a6b6192424dd7d48c80ecf53d4dcc"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "0223d080d57cee30bdbc2cacbdbaee4e"}, {"key": "title", "hash": "b0a397f141671597a37360a5d26afe6a"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "6551d41c34d1d70876faf495fd5fdd4f004163b7f5120cb141ad7bf54d79bad9", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:840635", "OPENVAS:1361412562310840635", "OPENVAS:801884", "OPENVAS:1361412562310801884", "OPENVAS:1361412562310801886", "OPENVAS:801886", "OPENVAS:1361412562310801887", "OPENVAS:1361412562310850166", "OPENVAS:850166", "OPENVAS:69590"]}, {"type": "ubuntu", "idList": ["USN-1121-1", "USN-1112-1", "USN-1122-3", "USN-1122-1", "USN-1122-2"]}, {"type": "cve", "idList": ["CVE-2011-0070", "CVE-2011-0081", "CVE-2011-0079", "CVE-2011-1202", "CVE-2011-0069"]}, {"type": "nessus", "idList": ["MOZILLA_FIREFOX_401.NASL", "SUSE_11_4_MOZILLAFIREFOX-110429.NASL", "SUSE_11_3_MOZILLATHUNDERBIRD-110429.NASL", "SUSE_11_2_MOZILLATHUNDERBIRD-110429.NASL", "SUSE_11_4_MOZILLATHUNDERBIRD-110429.NASL", "SUSE_11_3_SEAMONKEY-110429.NASL", "MANDRIVA_MDVSA-2011-080.NASL", "SUSE_11_2_SEAMONKEY-110429.NASL", "SUSE_11_4_SEAMONKEY-110429.NASL", "MOZILLA_THUNDERBIRD_3110.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26237", "SECURITYVULNS:VULN:11633", "SECURITYVULNS:DOC:26243"]}, {"type": "suse", "idList": ["SUSE-SA:2011:022"]}, {"type": "mozilla", "idList": ["MFSA2011-18"]}, {"type": "centos", "idList": ["CESA-2011:0471"]}, {"type": "redhat", "idList": ["RHSA-2011:0471", "RHSA-2011:0475"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0471", "ELSA-2011-0475"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2228-1:3272E"]}], "modified": "2019-01-16T20:12:14"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55079);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_xref(name:\"USN\", value:\"1121-1\");\n\n script_name(english:\"Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted\nMielczarek discovered multiple memory vulnerabilities. An attacker\ncould exploit these to possibly run arbitrary code as the user running\nFirefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory\nhandling of certain types of content. An attacker could exploit this\nto possibly run arbitrary code as the user running Firefox.\n(CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript\nrequests. An attacker could exploit this to possibly run arbitrary\ncode as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a\ncertain types of documents. An attacker could exploit this to possibly\nrun arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox's XSLT generate-id()\nfunction. An attacker could possibly use this vulnerability to make\nother attacks more reliable. (CVE-2011-1202).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1121-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "55079", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04"]}

{"openvas": [{"lastseen": "2017-12-04T11:26:31", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1121-1", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840635", "id": "OPENVAS:840635", "title": "Ubuntu Update for firefox USN-1121-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1121_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for firefox USN-1121-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek\n discovered multiple memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\n It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0081)\n \n It was discovered that Firefox incorrectly handled certain JavaScript\n requests. An attacker could exploit this to possibly run arbitrary code as\n the user running Firefox. (CVE-2011-0069)\n \n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0070)\n \n Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()\n function. An attacker could possibly use this vulnerability to make other\n attacks more reliable. (CVE-2011-1202)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1121-1\";\ntag_affected = \"firefox on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1121-1/\");\n script_id(840635);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1121-1\");\n script_cve_id(\"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for firefox USN-1121-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:59", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1121-1", "modified": "2018-08-17T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840635", "title": "Ubuntu Update for firefox USN-1121-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1121_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for firefox USN-1121-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1121-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840635\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1121-1\");\n script_cve_id(\"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-1202\");\n script_name(\"Ubuntu Update for firefox USN-1121-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1121-1\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek\n discovered multiple memory vulnerabilities. An attacker could exploit these\n to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\n It was discovered that there was a vulnerability in the memory handling of\n certain types of content. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0081)\n\n It was discovered that Firefox incorrectly handled certain JavaScript\n requests. An attacker could exploit this to possibly run arbitrary code as\n the user running Firefox. (CVE-2011-0069)\n\n Ian Beer discovered a vulnerability in the memory handling of a certain\n types of documents. An attacker could exploit this to possibly run\n arbitrary code as the user running Firefox. (CVE-2011-0070)\n\n Chris Evans discovered a vulnerability in Firefox's XSLT generate-id()\n function. An attacker could possibly use this vulnerability to make other\n attacks more reliable. (CVE-2011-1202)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"4.0.1+build1+nobinonly-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:44:27", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is\n prone to multiple vulnerabilities.", "modified": "2018-10-20T00:00:00", "published": "2011-05-18T00:00:00", "id": "OPENVAS:1361412562310801884", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801884", "title": "Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_win01_may11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801884\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-18 15:37:30 +0200 (Wed, 18 May 2011)\");\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\");\n script_bugtraq_id(47656, 47654);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44357/\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/1127\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let remote attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"SeaMonkey versions before 2.0.14.\n Thunderbird version before 3.1.10\n Mozilla Firefox versions 3.5.x before 3.5.19, 3.6.x before 3.6.17,\n and 4.x before 4.0.1\");\n script_tag(name:\"insight\", value:\"The flaws are due to multiple Unspecified errors in the browser engine\n allows remote attackers to cause a denial of service or possibly execute\n arbitrary code via unknown vectors.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is\n prone to multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.5.19, 3.6.17, 4.0.1 or later,\n Upgrade to Seamonkey version 2.0.14 or later,\n Upgrade to Thunderbird version 3.1.10 or later.\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_is_less(version:ffVer, test_version:\"3.5.19\") ||\n version_in_range(version:ffVer, test_version:\"3.6.0\", test_version2:\"3.6.16\") ||\n version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"4.0.b12\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer != NULL)\n{\n if(version_is_less(version:smVer, test_version:\"2.0.14\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer != NULL)\n{\n if(version_is_less(version:tbVer, test_version:\"3.1.10\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:20:10", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is\n prone to multiple vulnerabilities.", "modified": "2017-09-01T00:00:00", "published": "2011-05-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=801884", "id": "OPENVAS:801884", "title": "Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_win01_may11.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Firefox version 3.5.19, 3.6.17, 4.0.1 or later\n http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to Seamonkey version 2.0.14 or later\n http://www.seamonkey-project.org/releases/\n\n Upgrade to Thunderbird version 3.1.10 or later\n http://www.mozillamessaging.com/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation will let remote attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"SeaMonkey versions before 2.0.14.\n Thunderbird version before 3.1.10\n Mozilla Firefox versions 3.5.x before 3.5.19, 3.6.x before 3.6.17,\n and 4.x before 4.0.1\";\ntag_insight = \"The flaws are due to multiple Unspecified errors in the browser engine\n allows remote attackers to cause a denial of service or possibly execute\n arbitrary code via unknown vectors.\";\ntag_summary = \"The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is\n prone to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(801884);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-18 15:37:30 +0200 (Wed, 18 May 2011)\");\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\");\n script_bugtraq_id(47656,47654);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/44357/\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/1127\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n ## Grep for Firefox version before 3.5.19, 3.6.x before 3.6.17 and 4.x before 4.0.1\n if(version_is_less(version:ffVer, test_version:\"3.5.19\") ||\n version_in_range(version:ffVer, test_version:\"3.6.0\", test_version2:\"3.6.16\") ||\n version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"4.0.b12\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## Seamonkey Check\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer != NULL)\n{\n ## Grep for Seamonkey version 2.0.14\n if(version_is_less(version:smVer, test_version:\"2.0.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer != NULL)\n{\n ## Grep for Thunderbird version < 3.1.10\n if(version_is_less(version:tbVer, test_version:\"3.1.10\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-08T12:47:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069590", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069590", "title": "FreeBSD Ports: firefox", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_firefox56.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 04b7d46c-7226-11e0-813a-6c626dd55a41\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69590\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\",\n \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\",\n \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\",\n \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0076\", \"CVE-2011-0071\",\n \"CVE-2011-1302\", \"CVE-2011-1300\", \"CVE-2011-1202\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n firefox\n libxul\n linux-firefox\n linux-firefox-devel\n linux-seamonkey\n seamonkey\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-13.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-14.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-15.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-16.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-17.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-18.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/04b7d46c-7226-11e0-813a-6c626dd55a41.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6.*,1\")>0 && revcomp(a:bver, b:\"3.6.17,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.*,1\")>0 && revcomp(a:bver, b:\"3.5.19,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0.*,1\")>0 && revcomp(a:bver, b:\"4.0.1,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"libxul\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.2\")>0 && revcomp(a:bver, b:\"1.9.2.17\")<0) {\n txt += 'Package libxul version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6.17,1\")<0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-firefox-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.19\")<0) {\n txt += 'Package linux-firefox-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0\")>0 && revcomp(a:bver, b:\"2.0.14\")<0) {\n txt += 'Package linux-seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0\")>0 && revcomp(a:bver, b:\"2.0.14\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-05-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69590", "id": "OPENVAS:69590", "title": "FreeBSD Ports: firefox", "type": "openvas", "sourceData": "#\n#VID 04b7d46c-7226-11e0-813a-6c626dd55a41\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 04b7d46c-7226-11e0-813a-6c626dd55a41\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n libxul\n linux-firefox\n linux-firefox-devel\n linux-seamonkey\n seamonkey\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-12.html\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-13.html\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-14.html\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-15.html\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-16.html\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-17.html\nhttp://www.mozilla.org/security/announce/2011/mfsa2011-18.html\nhttp://www.vuxml.org/freebsd/04b7d46c-7226-11e0-813a-6c626dd55a41.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(69590);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_cve_id(\"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-0069\", \"CVE-2011-0070\",\n \"CVE-2011-0080\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\",\n \"CVE-2011-0078\", \"CVE-2011-0072\", \"CVE-2011-0065\", \"CVE-2011-0066\",\n \"CVE-2011-0073\", \"CVE-2011-0067\", \"CVE-2011-0076\", \"CVE-2011-0071\",\n \"CVE-2011-1302\", \"CVE-2011-1300\", \"CVE-2011-1202\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6.*,1\")>0 && revcomp(a:bver, b:\"3.6.17,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.*,1\")>0 && revcomp(a:bver, b:\"3.5.19,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0.*,1\")>0 && revcomp(a:bver, b:\"4.0.1,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libxul\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.2\")>0 && revcomp(a:bver, b:\"1.9.2.17\")<0) {\n txt += 'Package libxul version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6.17,1\")<0) {\n txt += 'Package linux-firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.19\")<0) {\n txt += 'Package linux-firefox-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0\")>0 && revcomp(a:bver, b:\"2.0.14\")<0) {\n txt += 'Package linux-seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0\")>0 && revcomp(a:bver, b:\"2.0.14\")<0) {\n txt += 'Package seamonkey version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:06:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310850166", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850166", "title": "SuSE Update for MozillaFirefox, seamonkey, MozillaThunderbird SUSE-SA:2011:022", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850166\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"SUSE-SA\", value:\"2011-022\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0068\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0079\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"SuSE Update for MozillaFirefox, seamonkey, MozillaThunderbird SUSE-SA:2011:022\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox, seamonkey, MozillaThunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.2|openSUSE11\\.3)\");\n script_tag(name:\"impact\", value:\"remote code execution, remote denial of service\");\n script_tag(name:\"affected\", value:\"MozillaFirefox, seamonkey, MozillaThunderbird on openSUSE 11.2, openSUSE 11.3\");\n script_tag(name:\"insight\", value:\"The Mozilla suite of browsers received security updates.\n\n Following updates are included in this update:\n Mozilla Firefox was updated on SUSE Linux Enterprise 10 and 11 to the 3.6.17 security release.\n Mozilla Firefox was updated on openSUSE 11.4 to the 4.0.1 security release.\n Mozilla Thunderbird was updated on openSUSE to the 3.1.10 security release.\n Mozilla Seamonkey was updated on openSUSE to the 2.0.14 security release.\n Mozilla XULRunner 1.9.1 was updated to 1.9.1.19.\n Mozilla XULRunner 1.9.2 was updated to 1.9.2.17.\n\n Following security issues were fixed:\n MFSA 2011-12:\n Mozilla developers identified and fixed several memory safety bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these could be exploited to\n run arbitrary code.\n\n Mozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils,\n Scoobidiver, and Ted Mielczarek reported memory safety issues which affected\n Firefox 4. CVE-2011-0079\n\n Mozilla developer Scoobidiver reported a memory safety issue which affected\n Firefox 4 and Firefox 3.6 CVE-2011-0081\n\n The web development team of Alcidion reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. CVE-2011-0069\n\n Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n CVE-2011-0070\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\n Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. CVE-2011-0080\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox\n 3.5. CVE-2011-0075\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox\n 3.5. CVE-2011-0078\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and\n Firefox 3.5. CVE-2011-0072\n\n\n CVE-2011-0073:\n Security researcher regenrecht reported several dangling pointer\n vulnerabilities via TippingPoint's Zero Day Initiative.\n\n Firefox 4 was not affected by these issues.\n\n\n CVE-2011-0067:\n Security researcher Paul Stone reported that a Java applet could be used to\n mimic interaction with form autocomplete controls and steal entries from the\n form history.\n\n Firefox 4 was not affected by this issue.\n\n\n CVE-2011-0076: David Remahl of Apple Product Security reported\n that the Java Embedding Plugin (JEP) shipped with the Mac OS X version ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.1.2~9.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192\", rpm:\"mozilla-js192~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-devel\", rpm:\"mozilla-xulrunner191-devel~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-common\", rpm:\"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-other\", rpm:\"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192\", rpm:\"mozilla-xulrunner192~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-buildsymbols\", rpm:\"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-devel\", rpm:\"mozilla-xulrunner192-devel~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome\", rpm:\"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common\", rpm:\"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other\", rpm:\"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-xpcom191\", rpm:\"python-xpcom191~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192-32bit\", rpm:\"mozilla-js192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-32bit\", rpm:\"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs-32bit\", rpm:\"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-32bit\", rpm:\"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome-32bit\", rpm:\"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common-32bit\", rpm:\"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other-32bit\", rpm:\"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.1.2~9.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192\", rpm:\"mozilla-js192~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-devel\", rpm:\"mozilla-xulrunner191-devel~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-common\", rpm:\"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-other\", rpm:\"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192\", rpm:\"mozilla-xulrunner192~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-buildsymbols\", rpm:\"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-devel\", rpm:\"mozilla-xulrunner192-devel~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome\", rpm:\"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common\", rpm:\"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other\", rpm:\"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-xpcom191\", rpm:\"python-xpcom191~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192-32bit\", rpm:\"mozilla-js192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-32bit\", rpm:\"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs-32bit\", rpm:\"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-32bit\", rpm:\"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome-32bit\", rpm:\"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common-32bit\", rpm:\"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other-32bit\", rpm:\"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:18:41", "bulletinFamily": "scanner", "description": "Check for the Version of MozillaFirefox,seamonkey,MozillaThunderbird", "modified": "2017-12-08T00:00:00", "published": "2011-05-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850166", "id": "OPENVAS:850166", "title": "SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Mozilla suite of browsers received security updates.\n\n Following updates are included in this update:\n Mozilla Firefox was updated on SUSE Linux Enterprise 10 and 11 to the 3.6.17 security release.\n Mozilla Firefox was updated on openSUSE 11.4 to the 4.0.1 security release.\n Mozilla Thunderbird was updated on openSUSE to the 3.1.10 security release.\n Mozilla Seamonkey was updated on openSUSE to the 2.0.14 security release.\n Mozilla XULRunner 1.9.1 was updated to 1.9.1.19.\n Mozilla XULRunner 1.9.2 was updated to 1.9.2.17.\n\n Following security issues were fixed:\n MFSA 2011-12:\n Mozilla developers identified and fixed several memory safety bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these could be exploited to\n run arbitrary code.\n\n Mozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils,\n Scoobidiver, and Ted Mielczarek reported memory safety issues which affected\n Firefox 4. CVE-2011-0079\n\n Mozilla developer Scoobidiver reported a memory safety issue which affected\n Firefox 4 and Firefox 3.6 CVE-2011-0081\n\n The web development team of Alcidion reported a crash that affected Firefox 4,\n Firefox 3.6 and Firefox 3.5. CVE-2011-0069\n\n Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\n CVE-2011-0070\n\n Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and\n Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and\n Firefox 3.5. CVE-2011-0080\n\n Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox\n 3.5. CVE-2011-0075\n\n Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox\n 3.5. CVE-2011-0078\n\n Martin Barbella reported a memory safety issue which affected Firefox 3.6 and\n Firefox 3.5. CVE-2011-0072\n\n\n CVE-2011-0073:\n Security researcher regenrecht reported several dangling pointer\n vulnerabilities via TippingPoint's Zero Day Initiative.\n\n Firefox 4 was not affected by these issues.\n\n\n CVE-2011-0067:\n Security researcher Paul Stone reported that a Java applet could be used to\n mimic interaction with form autocomplete controls and steal entries from the\n form history.\n\n Firefox 4 was not affected by this issue.\n\n\n CVE-2011-0076: David Remahl of Apple Product Security reported\n that the Java Embedding Plugin (JEP) shipped with the Mac OS X version ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution, remote denial of service\";\ntag_affected = \"MozillaFirefox,seamonkey,MozillaThunderbird on openSUSE 11.2, openSUSE 11.3\";\n\n\nif(description)\n{\n script_id(850166);\n script_version(\"$Revision: 8041 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 08:28:21 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2011-022\");\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0068\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0079\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n script_name(\"SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022\");\n\n script_summary(\"Check for the Version of MozillaFirefox,seamonkey,MozillaThunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~3.6.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~3.1.10~0.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.1.2~9.9.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192\", rpm:\"mozilla-js192~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-devel\", rpm:\"mozilla-xulrunner191-devel~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-common\", rpm:\"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-other\", rpm:\"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192\", rpm:\"mozilla-xulrunner192~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-buildsymbols\", rpm:\"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-devel\", rpm:\"mozilla-xulrunner192-devel~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome\", rpm:\"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common\", rpm:\"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other\", rpm:\"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-xpcom191\", rpm:\"python-xpcom191~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.0.14~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192-32bit\", rpm:\"mozilla-js192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-32bit\", rpm:\"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs-32bit\", rpm:\"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-32bit\", rpm:\"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome-32bit\", rpm:\"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common-32bit\", rpm:\"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other-32bit\", rpm:\"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~3.6.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~3.1.10~0.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.1.2~9.9.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192\", rpm:\"mozilla-js192~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191\", rpm:\"mozilla-xulrunner191~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-devel\", rpm:\"mozilla-xulrunner191-devel~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs\", rpm:\"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-common\", rpm:\"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-translations-other\", rpm:\"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192\", rpm:\"mozilla-xulrunner192~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-buildsymbols\", rpm:\"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-devel\", rpm:\"mozilla-xulrunner192-devel~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome\", rpm:\"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common\", rpm:\"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other\", rpm:\"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-xpcom191\", rpm:\"python-xpcom191~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.0.14~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-js192-32bit\", rpm:\"mozilla-js192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-32bit\", rpm:\"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner191-gnomevfs-32bit\", rpm:\"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-32bit\", rpm:\"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-gnome-32bit\", rpm:\"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-common-32bit\", rpm:\"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-xulrunner192-translations-other-32bit\", rpm:\"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:20:03", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox and is prone to multiple\n unspecified vulnerabilities.", "modified": "2017-08-29T00:00:00", "published": "2011-05-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=801886", "id": "OPENVAS:801886", "title": "Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_unspecified_vuln_win_may11.nasl 7019 2017-08-29 11:51:27Z teissa $\n#\n# Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to a cause a denial of\n service or possibly execute arbitrary code.\n Impact Level: Application\";\ntag_affected = \"Mozilla Firefox versions 4.x before 4.0.1\";\ntag_insight = \"The flaws are due to multiple unspecified errors in the browser engine\n allow remote attackers to cause a denial of service or possibly execute\n arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp\n and unknown other vectors.\";\ntag_solution = \"Upgrade to Firefox version 4.0.1 or later\n http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"The host is installed with Mozilla Firefox and is prone to multiple\n unspecified vulnerabilities.\";\n\nif(description)\n{\n script_id(801886);\n script_version(\"$Revision: 7019 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-29 13:51:27 +0200 (Tue, 29 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-18 15:37:30 +0200 (Wed, 18 May 2011)\");\n script_cve_id(\"CVE-2011-0079\");\n script_bugtraq_id(47657);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/44357/\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/1127\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n ## Grep for Firefox versions 4.x before 4.0.1\n if(version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"4.0.b12\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:44:58", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox and is prone to multiple\n unspecified vulnerabilities.", "modified": "2018-10-20T00:00:00", "published": "2011-05-18T00:00:00", "id": "OPENVAS:1361412562310801886", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801886", "title": "Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_unspecified_vuln_win_may11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801886\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-18 15:37:30 +0200 (Wed, 18 May 2011)\");\n script_cve_id(\"CVE-2011-0079\");\n script_bugtraq_id(47657);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44357/\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/1127\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2011/mfsa2011-12.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to a cause a denial of\n service or possibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox versions 4.x before 4.0.1\");\n script_tag(name:\"insight\", value:\"The flaws are due to multiple unspecified errors in the browser engine\n allow remote attackers to cause a denial of service or possibly execute\n arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp\n and unknown other vectors.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 4.0.1 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox and is prone to multiple\n unspecified vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"4.0.b12\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:39", "bulletinFamily": "unix", "description": "Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nChris Evans discovered a vulnerability in Firefox\u2019s XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202)", "modified": "2011-04-30T00:00:00", "published": "2011-04-30T00:00:00", "id": "USN-1121-1", "href": "https://usn.ubuntu.com/1121-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:31", "bulletinFamily": "unix", "description": "USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Thunderbird\u2019s mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird\u2019s XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202)", "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-2", "href": "https://usn.ubuntu.com/1122-2/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:08", "bulletinFamily": "unix", "description": "It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Thunderbird\u2019s mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird\u2019s XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202)", "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1122-1", "href": "https://usn.ubuntu.com/1122-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:39", "bulletinFamily": "unix", "description": "USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081)\n\nIt was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Thunderbird\u2019s mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Thunderbird\u2019s XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202)", "modified": "2011-06-06T00:00:00", "published": "2011-06-06T00:00:00", "id": "USN-1122-3", "href": "https://usn.ubuntu.com/1122-3/", "title": "Thunderbird regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:50", "bulletinFamily": "unix", "description": "It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0081)\n\nIt was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069)\n\nIan Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070)\n\nBob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)\n\nAki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0074, CVE-2011-0075)\n\nIan Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0077, CVE-2011-0078)\n\nMartin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0072)\n\nIt was discovered that there were use-after-free vulnerabilities in Firefox\u2019s mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0065, CVE-2011-0066)\n\nIt was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker serving malicious content could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0073)\n\nPaul Stone discovered a vulnerability in the handling of Java applets. An attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067)\n\nSoroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Firefox. (CVE-2011-0071)\n\nChris Evans discovered a vulnerability in Firefox\u2019s XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202)", "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "USN-1112-1", "href": "https://usn.ubuntu.com/1112-1/", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:12:02", "bulletinFamily": "scanner", "description": "The installed version of Firefox 4.0 is earlier than 4.0.1. As such,\nit is potentially affected by the following security issues :\n\n - A buffer overflow exists in the WebGLES library.\n Additionally, the Windows version was not compiled\n with ASLR enabled. (CVE-2011-0068)\n\n - Multiple memory safety issues can lead to application\n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0079,\n CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)", "modified": "2018-07-16T00:00:00", "published": "2011-04-29T00:00:00", "id": "MOZILLA_FIREFOX_401.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53595", "title": "Firefox 4.0 < 4.0.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53595);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2011-0068\",\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0079\",\n \"CVE-2011-0081\",\n \"CVE-2011-1202\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47659,\n 47661,\n 47662,\n 47663,\n 47667,\n 47668\n );\n script_xref(name:\"Secunia\", value:\"44406\");\n\n script_name(english:\"Firefox 4.0 < 4.0.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox 4.0 is earlier than 4.0.1. As such,\nit is potentially affected by the following security issues :\n\n - A buffer overflow exists in the WebGLES library.\n Additionally, the Windows version was not compiled\n with ASLR enabled. (CVE-2011-0068)\n\n - Multiple memory safety issues can lead to application\n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0079,\n CVE-2011-0081)\n\n - An information disclosure vulnerability exists in the\n 'xsltGenerateIdFunction' function in the included\n libxslt library. (CVE-2011-1202)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12d3777c\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 4.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'4.0.1', min:'4.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:08", "bulletinFamily": "scanner", "description": "Mozilla Firefox was updated to the 4.0.1 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael\nWu, Nils, Scoobidiver, and Ted Mielczarek reported memory safety\nissues which affected Firefox 4. (CVE-2011-0079)\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMFSA 2011-17 / CVE-2011-0068: Two crashes that could potentially be\nexploited to run malicious code were found in the WebGL feature and\nfixed in Firefox 4.0.1. In addition the WebGLES libraries could\npotentially be used to bypass a security feature of recent Windows\nversions. The WebGL feature was introduced in Firefox 4; older\nversions are not affected by these issues.\n\nNils reported that the WebGLES libraries in the Windows version of\nFirefox were compiled without ASLR protection. An attacker who found\nan exploitable memory corruption flaw could then use these libraries\nto bypass ASLR on Windows Vista and Windows 7, making the flaw as\nexploitable on those platforms as it would be on Windows XP or other\nplatforms.\n\nMozilla researcher Christoph Diehl reported a potentially exploitable\nbuffer overflow in the WebGLES library\n\nYuri Ko reported a potentially exploitable overwrite in the WebGLES\nlibrary to the Chrome Secuity Team. We thank them for coordinating\nwith us on this fix.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_4_MOZILLAFIREFOX-110429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75944", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-4457)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-4457.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75944);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 22:10:33 $\");\n\n script_cve_id(\"CVE-2011-0068\", \"CVE-2011-0070\", \"CVE-2011-0079\", \"CVE-2011-0081\", \"CVE-2011-1202\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-4457)\");\n script_summary(english:\"Check for the MozillaFirefox-4457 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 4.0.1 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael\nWu, Nils, Scoobidiver, and Ted Mielczarek reported memory safety\nissues which affected Firefox 4. (CVE-2011-0079)\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMFSA 2011-17 / CVE-2011-0068: Two crashes that could potentially be\nexploited to run malicious code were found in the WebGL feature and\nfixed in Firefox 4.0.1. In addition the WebGLES libraries could\npotentially be used to bypass a security feature of recent Windows\nversions. The WebGL feature was introduced in Firefox 4; older\nversions are not affected by these issues.\n\nNils reported that the WebGLES libraries in the Windows version of\nFirefox were compiled without ASLR protection. An attacker who found\nan exploitable memory corruption flaw could then use these libraries\nto bypass ASLR on Windows Vista and Windows 7, making the flaw as\nexploitable on those platforms as it would be on Windows XP or other\nplatforms.\n\nMozilla researcher Christoph Diehl reported a potentially exploitable\nbuffer overflow in the WebGLES library\n\nYuri Ko reported a potentially exploitable overwrite in the WebGLES\nlibrary to the Chrome Secuity Team. We thank them for coordinating\nwith us on this fix.\n\nMFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team\nreported that the XSLT generate-id() function returned a string that\nrevealed a specific valid address of an object on the memory heap. It\nis possible that in some cases this address would be valuable\ninformation that could be used by an attacker while exploiting a\ndifferent memory corruption but, in order to make an exploit more\nreliable or work around mitigation features in the browser or\noperating system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js20-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-common-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner20-translations-other-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-branding-upstream-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debuginfo-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-debugsource-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-devel-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-common-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaFirefox-translations-other-4.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js20-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-js20-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-buildsymbols-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-debugsource-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-devel-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-devel-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-gnome-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-gnome-debuginfo-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-translations-common-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-xulrunner20-translations-other-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js20-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-js20-debuginfo-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-debuginfo-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-gnome-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-gnome-debuginfo-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-translations-common-32bit-2.0.1-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-xulrunner20-translations-other-32bit-2.0.1-0.2.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:09", "bulletinFamily": "scanner", "description": "Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_4_MOZILLATHUNDERBIRD-110429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75964", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-4458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75964);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 22:10:33 $\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)\");\n script_summary(english:\"Check for the MozillaThunderbird-4458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-buildsymbols-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debuginfo-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-debugsource-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-devel-debuginfo-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-common-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"MozillaThunderbird-translations-other-3.1.10-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-1.1.2-9.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"enigmail-debuginfo-1.1.2-9.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:02", "bulletinFamily": "scanner", "description": "Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_3_MOZILLATHUNDERBIRD-110429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75664", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-4458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75664);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)\");\n script_summary(english:\"Check for the MozillaThunderbird-4458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-devel-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-translations-common-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"MozillaThunderbird-translations-other-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"enigmail-1.1.2-9.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:07", "bulletinFamily": "scanner", "description": "Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)", "modified": "2014-06-13T00:00:00", "published": "2011-05-05T00:00:00", "id": "SUSE_11_2_MOZILLATHUNDERBIRD-110429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53775", "title": "openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaThunderbird-4458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53775);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:00:37 $\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)\");\n script_summary(english:\"Check for the MozillaThunderbird-4458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird was updated to the 3.1.10 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-devel-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-translations-common-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"MozillaThunderbird-translations-other-3.1.10-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"enigmail-1.1.2-9.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:04", "bulletinFamily": "scanner", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "modified": "2014-08-21T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_3_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75738", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75738);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/21 14:15:34 $\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:03", "bulletinFamily": "scanner", "description": "Security issues were identified and fixed in mozilla-thunderbird :\n\nSecurity researcher Soroush Dalili reported that the resource:\nprotocol could be exploited to allow directory traversal on Windows\nand the potential loading of resources from non-permitted locations.\nThe impact would depend on whether interesting files existed in\npredictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed (CVE-2011-0071).\n\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2011-0081,\nCVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,\nCVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).\n\nThe mozilla-thunderbird-lightning package shipped with MDVSA-2011:042\nhad a packaging bug that prevented extension to be loaded (#59951).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.", "modified": "2018-07-19T00:00:00", "published": "2011-05-02T00:00:00", "id": "MANDRIVA_MDVSA-2011-080.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53617", "title": "Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:080)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:080. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53617);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n script_xref(name:\"MDVSA\", value:\"2011:080\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in mozilla-thunderbird :\n\nSecurity researcher Soroush Dalili reported that the resource:\nprotocol could be exploited to allow directory traversal on Windows\nand the potential loading of resources from non-permitted locations.\nThe impact would depend on whether interesting files existed in\npredictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed (CVE-2011-0071).\n\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2011-0081,\nCVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,\nCVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).\n\nThe mozilla-thunderbird-lightning package shipped with MDVSA-2011:042\nhad a packaging bug that prevented extension to be loaded (#59951).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozillamessaging.com/en-US/thunderbird/3.1.10/releasenotes/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-crawl-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nsinstall\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-crawl-system-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-doc-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-epiphany-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-evolution-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-qt-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-libs-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-beagle-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-af-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ar-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-be-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-beagle-0.3.8-13.37mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-bg-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ca-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-cs-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-da-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-de-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-el-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-et-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-eu-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-fi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-fr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-fy-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ga-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-gd-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-gl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-he-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-hu-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-id-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-is-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-it-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ja-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ka-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ko-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-lightning-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-lt-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-nl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ro-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-ru-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-si-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sk-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sl-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sq-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-tr-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-uk-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-vi-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nsinstall-3.1.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-crawl-system-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-doc-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-evolution-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-gui-qt-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"beagle-libs-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"firefox-ext-beagle-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-af-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ar-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-be-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-beagle-0.3.9-20.25mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-bg-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ca-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-cs-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-da-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-de-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-el-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-et-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-eu-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-fi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-fr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-fy-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ga-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-gd-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-gl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-he-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-hu-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-id-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-is-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-it-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ja-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ka-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ko-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-lightning-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-lt-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-nl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ro-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-ru-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-si-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sk-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sl-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sq-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-tr-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-uk-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-vi-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nsinstall-3.1.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-crawl-system-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-doc-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-evolution-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-gui-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-gui-qt-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"beagle-libs-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"firefox-ext-beagle-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-af-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ar-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-be-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-beagle-0.3.9-40.15mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bg-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ca-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-cs-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-da-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-de-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-el-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-et-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-eu-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-fy-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ga-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gd-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-gl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-he-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-hu-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-id-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-is-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-it-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ja-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ka-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ko-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lightning-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-lt-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ro-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-ru-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-si-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sk-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sl-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sq-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-tr-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-uk-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-vi-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nsinstall-3.1.10-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:19:10", "bulletinFamily": "scanner", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "modified": "2014-08-21T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_4_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76019", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76019);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/21 14:35:38 $\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debuginfo-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-debugsource-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-common-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-translations-other-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:07", "bulletinFamily": "scanner", "description": "Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.", "modified": "2014-08-21T00:00:00", "published": "2011-05-05T00:00:00", "id": "SUSE_11_2_SEAMONKEY-110429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53800", "title": "openSUSE Security Update : seamonkey (seamonkey-4462)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update seamonkey-4462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53800);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2014/08/21 14:15:34 $\");\n\n script_cve_id(\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0080\", \"CVE-2011-0081\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (seamonkey-4462)\");\n script_summary(english:\"Check for the seamonkey-4462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla SeaMonkey was updated to the 2.0.14 security release.\n\nMFSA 2011-12: Mozilla developers identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Credits\n\nMozilla developer Scoobidiver reported a memory safety issue which\naffected Firefox 4 and Firefox 3.6 (CVE-2011-0081)\n\nThe web development team of Alcidion reported a crash that affected\nFirefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069)\n\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0070)\n\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats\nPalmgren and Jesse Ruderman reported memory safety issues which\naffected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080)\n\nAki Helin reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0074 , CVE-2011-0075)\n\nIan Beer reported memory safety issues which affected Firefox 3.6 and\nFirefox 3.5. (CVE-2011-0077 , CVE-2011-0078)\n\nMartin Barbella reported a memory safety issue which affected Firefox\n3.6 and Firefox 3.5. (CVE-2011-0072)\n\nMFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security\nresearcher regenrecht reported several dangling pointer\nvulnerabilities via TippingPoint's Zero Day Initiative.\n\nMFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported\nthat a Java applet could be used to mimic interaction with form\nautocomplete controls and steal entries from the form history.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689281\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-dom-inspector-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-irc-2.0.14-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"seamonkey-venkman-2.0.14-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:02", "bulletinFamily": "scanner", "description": "The installed version of Thunderbird 3.1 is earlier than 3.1.10. \nSuch versions are potentially affected by the following security\nissues :\n\n - An error in the resource protocol can allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)", "modified": "2018-07-16T00:00:00", "published": "2011-04-29T00:00:00", "id": "MOZILLA_THUNDERBIRD_3110.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53596", "title": "Mozilla Thunderbird 3.1 < 3.1.10 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53596);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2011-0069\",\n \"CVE-2011-0070\",\n \"CVE-2011-0071\",\n \"CVE-2011-0072\",\n \"CVE-2011-0074\",\n \"CVE-2011-0075\",\n \"CVE-2011-0077\",\n \"CVE-2011-0078\",\n \"CVE-2011-0080\",\n \"CVE-2011-0081\"\n );\n script_bugtraq_id(\n 47641,\n 47646,\n 47647,\n 47648,\n 47651,\n 47653,\n 47654,\n 47655,\n 47656,\n 47657,\n 47666\n );\n script_xref(name:\"Secunia\", value:\"44407\");\n\n script_name(english:\"Mozilla Thunderbird 3.1 < 3.1.10 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 3.1 is earlier than 3.1.10. \nSuch versions are potentially affected by the following security\nissues :\n\n - An error in the resource protocol can allow directory\n traversal. (CVE-2011-0071)\n\n - Multiple memory safety issues can lead to application \n crashes and possibly remote code execution.\n (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, \n CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, \n CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?353363cb\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 3.1.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'3.1.10', min:'3.1.0', severity:SECURITY_HOLE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-19T13:37:18", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.", "modified": "2017-09-18T21:31:53", "published": "2011-05-07T14:55:01", "id": "CVE-2011-0079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0079", "title": "CVE-2011-0079", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:18", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2017-09-18T21:31:53", "published": "2011-05-07T14:55:01", "id": "CVE-2011-0081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0081", "title": "CVE-2011-0081", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:18", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.", "modified": "2017-09-18T21:31:52", "published": "2011-05-07T14:55:01", "id": "CVE-2011-0070", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0070", "title": "CVE-2011-0070", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:37:27", "bulletinFamily": "NVD", "description": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.", "modified": "2017-09-18T21:32:26", "published": "2011-03-10T21:01:20", "id": "CVE-2011-1202", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1202", "title": "CVE-2011-1202", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-19T13:37:18", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.", "modified": "2017-09-18T21:31:52", "published": "2011-05-07T14:55:01", "id": "CVE-2011-0069", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0069", "title": "CVE-2011-0069", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "description": "Mozilla Foundation Security Advisory 2011-12\r\n\r\nTitle: Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)\r\nImpact: Critical\r\nAnnounced: April 28, 2011\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 4.0.1\r\n Firefox 3.6.17\r\n Firefox 3.5.19\r\n Thunderbird 3.1.10\r\n SeaMonkey 2.0.14\r\nDescription\r\n\r\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\r\nCredits\r\n\r\nMozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils, Scoobidiver, and Ted Mielczarek reported memory safety issues which affected Firefox 4.\r\n\r\n Memory safety bugs affecting Firefox 4\r\n CVE-2011-0079\r\n\r\nMozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6\r\n\r\n Memory safety bugs affecting Firefox 4 and Firefox 3.6\r\n CVE-2011-0081\r\n\r\nThe web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=644069\r\n CVE-2011-0069\r\n\r\nIan Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=645565\r\n CVE-2011-0070\r\n\r\nMozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5\r\n\r\n Memory safety bugs - Firefox 3.6, Firefox 3.5\r\n CVE-2011-0080\r\n\r\nAki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=619021\r\n CVE-2011-0074\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=635977\r\n CVE-2011-0075\r\n\r\nIan Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=623998\r\n CVE-2011-0077\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=635705\r\n CVE-2011-0078\r\n\r\nMartin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5.\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=624187\r\n CVE-2011-0072\r\n", "modified": "2011-05-01T00:00:00", "published": "2011-05-01T00:00:00", "id": "SECURITYVULNS:DOC:26237", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26237", "title": "Mozilla Foundation Security Advisory 2011-12", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "description": "Multiple memory corruptions, uninitialized pointer dereferences, information leakage, code execution.", "modified": "2011-05-11T00:00:00", "published": "2011-05-11T00:00:00", "id": "SECURITYVULNS:VULN:11633", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11633", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "description": "Mozilla Foundation Security Advisory 2011-18\r\n\r\nTitle: XSLT generate-id() function heap address leak\r\nImpact: Low\r\nAnnounced: April 28, 2011\r\nReporter: Chris Evans\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 4.0.1\r\nFirefox 3.6.17\r\nFirefox 3.5.19\r\nSeaMonkey 2.0.14\r\nDescription\r\n\r\nChris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.\r\n\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=640339\r\n CVE-2011-1202\r\n", "modified": "2011-05-01T00:00:00", "published": "2011-05-01T00:00:00", "id": "SECURITYVULNS:DOC:26243", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26243", "title": "Mozilla Foundation Security Advisory 2011-18", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:32:37", "bulletinFamily": "unix", "description": "The Mozilla suite of browsers received security updates.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2011-05-05T17:46:39", "published": "2011-05-05T17:46:39", "id": "SUSE-SA:2011:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00001.html", "title": "remote code execution, remote denial of service in MozillaFirefox,seamonkey,MozillaThunderbird", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:39", "bulletinFamily": "software", "description": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "modified": "2011-04-28T00:00:00", "published": "2011-04-28T00:00:00", "id": "MFSA2011-18", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2011-18/", "type": "mozilla", "title": "XSLT generate-id() function heap address leak", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:24", "bulletinFamily": "unix", "description": "firefox:\n[3.6.17-1.0.1.el6_0]\n- Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js\n[3.6.17-1]\n- Update to 3.6.17\nxulrunner:\n[1.9.2.17-4.0.1.el6_0]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n[1.9.2.17-4]\n- Rebuild\n[1.9.2.17-3]\n- Update to 1.9.2.17", "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0471", "href": "http://linux.oracle.com/errata/ELSA-2011-0471.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:44", "bulletinFamily": "unix", "description": "[3.1.10-1.0.1.el6_0]\n- Replaced thunderbird-redhat-default-prefs.js with\n thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[3.1.10-1]\n- Update to 3.1.10", "modified": "2011-04-29T00:00:00", "published": "2011-04-29T00:00:00", "id": "ELSA-2011-0475", "href": "http://linux.oracle.com/errata/ELSA-2011-0475.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:16", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0471\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017460.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017461.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017470.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017471.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n", "modified": "2011-04-29T17:10:44", "published": "2011-04-29T11:48:25", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/017460.html", "id": "CESA-2011:0471", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:12", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could possibly lead to arbitrary code\nexecution with the privileges of the user running Firefox. (CVE-2011-0080,\nCVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Firefox handled\nout-of-memory conditions. If all memory was consumed when a user visited a\nmalicious web page, it could possibly lead to arbitrary code execution\nwith the privileges of the user running Firefox. (CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Firefox handled the HTML\nframeset tag. A web page with a frameset tag containing large values for\nthe \"rows\" and \"cols\" attributes could trigger this flaw, possibly leading\nto arbitrary code execution with the privileges of the user running\nFirefox. (CVE-2011-0077)\n\nA flaw was found in the way Firefox handled the HTML iframe tag. A web page\nwith an iframe tag containing a specially-crafted source address could\ntrigger this flaw, possibly leading to arbitrary code execution with the\nprivileges of the user running Firefox. (CVE-2011-0075)\n\nA flaw was found in the way Firefox displayed multiple marquee elements. A\nmalformed HTML document could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0074)\n\nA flaw was found in the way Firefox handled the nsTreeSelection element.\nMalformed content could cause Firefox to execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2011-0073)\n\nA use-after-free flaw was found in the way Firefox appended frame and\niframe elements to a DOM tree when the NoScript add-on was enabled.\nMalicious HTML content could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0072)\n\nA directory traversal flaw was found in the Firefox resource:// protocol\nhandler. Malicious content could cause Firefox to access arbitrary files\naccessible to the user running Firefox. (CVE-2011-0071)\n\nA double free flaw was found in the way Firefox handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Firefox to execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-0070)\n\nA flaw was found in the way Firefox handled certain JavaScript cross-domain\nrequests. If malicious content generated a large number of cross-domain\nJavaScript requests, it could cause Firefox to execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2011-0069)\n\nA flaw was found in the way Firefox displayed the autocomplete pop-up.\nMalicious content could use this flaw to steal form history information.\n(CVE-2011-0067)\n\nTwo use-after-free flaws were found in the Firefox mObserverList and\nmChannel objects. Malicious content could use these flaws to execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2011-0066, CVE-2011-0065)\n\nA flaw was found in the Firefox XSLT generate-id() function. This function\nreturned the memory address of an object in memory, which could possibly be\nused by attackers to bypass address randomization protections.\n(CVE-2011-1202)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.17. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.17, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:10", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0471", "href": "https://access.redhat.com/errata/RHSA-2011:0471", "type": "redhat", "title": "(RHSA-2011:0471) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:59", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML content. An\nHTML mail message containing malicious content could possibly lead to\narbitrary code execution with the privileges of the user running\nThunderbird. (CVE-2011-0080, CVE-2011-0081)\n\nAn arbitrary memory write flaw was found in the way Thunderbird handled\nout-of-memory conditions. If all memory was consumed when a user viewed a\nmalicious HTML mail message, it could possibly lead to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0078)\n\nAn integer overflow flaw was found in the way Thunderbird handled the HTML\nframeset tag. An HTML mail message with a frameset tag containing large\nvalues for the \"rows\" and \"cols\" attributes could trigger this flaw,\npossibly leading to arbitrary code execution with the privileges of the\nuser running Thunderbird. (CVE-2011-0077)\n\nA flaw was found in the way Thunderbird handled the HTML iframe tag. An\nHTML mail message with an iframe tag containing a specially-crafted source\naddress could trigger this flaw, possibly leading to arbitrary code\nexecution with the privileges of the user running Thunderbird.\n(CVE-2011-0075)\n\nA flaw was found in the way Thunderbird displayed multiple marquee\nelements. A malformed HTML mail message could cause Thunderbird to execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2011-0074)\n\nA flaw was found in the way Thunderbird handled the nsTreeSelection\nelement. Malformed content could cause Thunderbird to execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2011-0073)\n\nA directory traversal flaw was found in the Thunderbird resource://\nprotocol handler. Malicious content could cause Thunderbird to access\narbitrary files accessible to the user running Thunderbird. (CVE-2011-0071)\n\nA double free flaw was found in the way Thunderbird handled\n\"application/http-index-format\" documents. A malformed HTTP response could\ncause Thunderbird to execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2011-0070)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "modified": "2018-06-06T20:24:23", "published": "2011-04-28T04:00:00", "id": "RHSA-2011:0475", "href": "https://access.redhat.com/errata/RHSA-2011:0475", "type": "redhat", "title": "(RHSA-2011:0475) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:18", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2235-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 \n CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073\n CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078\n CVE-2011-0080 CVE-2011-0081 \n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081\n\n "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella \n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.\n\nCVE-2011-0065 CVE-2011-0066 CVE-2011-0073\n\n "regenrecht" discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.\n\nCVE-2011-0067\n\n Paul Stone discovered that Java applets could steal information\n from the autocompletion history.\n\nCVE-2011-0071\n\n Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.\n\nAs indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-05-10T20:15:08", "published": "2011-05-10T20:15:08", "id": "DEBIAN:DSA-2235-1:7DA12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00104.html", "title": "[SECURITY] [DSA 2235-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}