{"id": "UBUNTU_USN-2052-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2013-12-12T00:00:00", "modified": "2018-12-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71374", "reporter": "Tenable", "references": ["https://usn.ubuntu.com/2052-1/"], "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "type": "nessus", "lastseen": "2019-01-16T20:17:42", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "0a12aab628da1d5b907296083c6e15833de568c8e1b4180827e846c16e908c3d", "hashmap": [{"hash": "a743abd2f9354dfa006a7508e7150f02", "key": "cvelist"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "08cff4782733a124bddff696ba8b3d3d", "key": "description"}, {"hash": "13a218f8b665a76c75f1fed6bc3b2c62", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "bd003005c77cb38cb62bf7993fa48ccb", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "adca641a2002a70062aec2976840aa1e", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "19f5cc1f2c3f2e446b4ab003e8571023", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e48a8cbfc5e4bfbb92beef076fadf274", "key": "href"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "c1dc18e5b7e112f267a79770186e3a83", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71374", "id": "UBUNTU_USN-2052-1.NASL", "lastseen": "2017-10-29T13:41:18", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "71374", "published": "2013-12-12T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:54 $\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_osvdb_id(99710, 99711, 100805, 100806, 100807, 100808, 100809, 100810, 100811, 100812, 100813, 100814, 100815, 100816, 100818);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "type": "nessus", "viewCount": 5}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:41:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "824d58ae69542f627227fc99742f43a30fd7634dbea9b0f04b47920f648b2cdc", "hashmap": [{"hash": "8deedc93b61bfe88de60b07f235cd1fd", "key": "sourceData"}, {"hash": "a743abd2f9354dfa006a7508e7150f02", "key": "cvelist"}, {"hash": "08cff4782733a124bddff696ba8b3d3d", "key": "description"}, {"hash": "13a218f8b665a76c75f1fed6bc3b2c62", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "bd003005c77cb38cb62bf7993fa48ccb", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "adca641a2002a70062aec2976840aa1e", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e48a8cbfc5e4bfbb92beef076fadf274", "key": "href"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "c1dc18e5b7e112f267a79770186e3a83", "key": "pluginID"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71374", "id": "UBUNTU_USN-2052-1.NASL", "lastseen": "2018-08-05T12:03:36", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "71374", "published": "2013-12-12T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "type": "nessus", "viewCount": 5}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-05T12:03:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "009f0edf0c820095a4b97de89e685330eb3f2bb18c01ed97ebf23167ea1fdb22", "hashmap": [{"hash": "8deedc93b61bfe88de60b07f235cd1fd", "key": "sourceData"}, {"hash": "a743abd2f9354dfa006a7508e7150f02", "key": "cvelist"}, {"hash": "08cff4782733a124bddff696ba8b3d3d", "key": "description"}, {"hash": "13a218f8b665a76c75f1fed6bc3b2c62", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "bd003005c77cb38cb62bf7993fa48ccb", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "adca641a2002a70062aec2976840aa1e", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e48a8cbfc5e4bfbb92beef076fadf274", "key": "href"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "c1dc18e5b7e112f267a79770186e3a83", "key": "pluginID"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71374", "id": "UBUNTU_USN-2052-1.NASL", "lastseen": "2018-08-30T19:49:06", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "71374", "published": "2013-12-12T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "type": "nessus", "viewCount": 5}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:49:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "894f98dcff9471071d292a777e6455d0b73ba8fd3c03878254d86c0b8fd1de7f", "hashmap": [{"hash": "03c8abffc02ca63eb0891dc254fcbc44", "key": "sourceData"}, {"hash": "a743abd2f9354dfa006a7508e7150f02", "key": "cvelist"}, {"hash": "08cff4782733a124bddff696ba8b3d3d", "key": "description"}, {"hash": "13a218f8b665a76c75f1fed6bc3b2c62", "key": "cpe"}, {"hash": "bd003005c77cb38cb62bf7993fa48ccb", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "adca641a2002a70062aec2976840aa1e", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "0b7bc3d628637c0ff555114c533a3dda", "key": "modified"}, {"hash": "fab9f035d326a6edb6defc73c2bceff8", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e48a8cbfc5e4bfbb92beef076fadf274", "key": "href"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "c1dc18e5b7e112f267a79770186e3a83", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71374", "id": "UBUNTU_USN-2052-1.NASL", "lastseen": "2018-12-02T15:38:21", "modified": "2018-12-01T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "71374", "published": "2013-12-12T00:00:00", "references": ["https://usn.ubuntu.com/2052-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2052-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "type": "nessus", "viewCount": 5}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-12-02T15:38:21"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "2146128eaea11ae48e6842d0d803916075e2dcf50f1e33c5765959514f2c0cc5", "hashmap": [{"hash": "a743abd2f9354dfa006a7508e7150f02", "key": "cvelist"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "08cff4782733a124bddff696ba8b3d3d", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "bd003005c77cb38cb62bf7993fa48ccb", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "adca641a2002a70062aec2976840aa1e", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "19f5cc1f2c3f2e446b4ab003e8571023", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e48a8cbfc5e4bfbb92beef076fadf274", "key": "href"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "c1dc18e5b7e112f267a79770186e3a83", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71374", "id": "UBUNTU_USN-2052-1.NASL", "lastseen": "2016-09-26T17:25:30", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.2", "pluginID": "71374", "published": "2013-12-12T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:54 $\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_osvdb_id(99710, 99711, 100805, 100806, 100807, 100808, 100809, 100810, 100811, 100812, 100813, 100814, 100815, 100816, 100818);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "type": "nessus", "viewCount": 5}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:30"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "824d58ae69542f627227fc99742f43a30fd7634dbea9b0f04b47920f648b2cdc", "hashmap": [{"hash": "8deedc93b61bfe88de60b07f235cd1fd", "key": "sourceData"}, {"hash": "a743abd2f9354dfa006a7508e7150f02", "key": "cvelist"}, {"hash": "08cff4782733a124bddff696ba8b3d3d", "key": "description"}, {"hash": "13a218f8b665a76c75f1fed6bc3b2c62", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "bd003005c77cb38cb62bf7993fa48ccb", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "adca641a2002a70062aec2976840aa1e", "key": "published"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e48a8cbfc5e4bfbb92beef076fadf274", "key": "href"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "c1dc18e5b7e112f267a79770186e3a83", "key": "pluginID"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71374", "id": "UBUNTU_USN-2052-1.NASL", "lastseen": "2018-09-01T23:56:08", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "71374", "published": "2013-12-12T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "type": "nessus", "viewCount": 5}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:56:08"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "13a218f8b665a76c75f1fed6bc3b2c62"}, {"key": "cvelist", "hash": "a743abd2f9354dfa006a7508e7150f02"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "05570f922f3bc4c224032d9fc7083e77"}, {"key": "href", "hash": "e48a8cbfc5e4bfbb92beef076fadf274"}, {"key": "modified", "hash": "0b7bc3d628637c0ff555114c533a3dda"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "c1dc18e5b7e112f267a79770186e3a83"}, {"key": "published", "hash": "adca641a2002a70062aec2976840aa1e"}, {"key": "references", "hash": "fab9f035d326a6edb6defc73c2bceff8"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "03c8abffc02ca63eb0891dc254fcbc44"}, {"key": "title", "hash": "bd003005c77cb38cb62bf7993fa48ccb"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "870050cceab5c5f4c80338b9825b7293fa8efc95992f8b0e9c37310de9bc57a8", "viewCount": 5, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310804040", "OPENVAS:1361412562310804039", "OPENVAS:1361412562310804045", "OPENVAS:1361412562310804046", "OPENVAS:1361412562310841653", "OPENVAS:841653", "OPENVAS:841651", "OPENVAS:1361412562310850559", "OPENVAS:850559", "OPENVAS:1361412562310841651"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1919-1", "OPENSUSE-SU-2013:1871-1"]}, {"type": "nessus", "idList": ["SUSE_11_FIREFOX24-201312-131216.NASL", "SEAMONKEY_223.NASL", "SUSE_11_FIREFOX24-201312-131215.NASL", "UBUNTU_USN-2053-1.NASL", "FEDORA_2013-23519.NASL", "OPENSUSE-2013-994.NASL", "OPENSUSE-2014-2.NASL", "FREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL", "FEDORA_2013-23127.NASL", "OPENSUSE-2013-995.NASL"]}, {"type": "ubuntu", "idList": ["USN-2053-1", "USN-2052-1", "USN-2060-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13460"]}, {"type": "freebsd", "idList": ["DD116B19-64B3-11E3-868F-0025905A4771"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1812", "ELSA-2013-1823"]}, {"type": "centos", "idList": ["CESA-2013:1812", "CESA-2013:1823"]}, {"type": "redhat", "idList": ["RHSA-2013:1812", "RHSA-2013:1823"]}, {"type": "cve", "idList": ["CVE-2013-6630", "CVE-2013-5616", "CVE-2013-5615", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5610", "CVE-2013-5614", "CVE-2013-5611", "CVE-2013-5619", "CVE-2013-5618"]}, {"type": "f5", "idList": ["F5:K59503294", "F5:K62655427", "SOL62655427", "SOL59503294"]}, {"type": "symantec", "idList": ["SMNTC-63676"]}, {"type": "amazon", "idList": ["ALAS-2013-267"]}, {"type": "mozilla", "idList": ["MFSA2013-116", "MFSA2013-104"]}], "modified": "2019-01-16T20:17:42"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2052-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "71374", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"]}

{"suse": [{"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "description": "MozillaFirefox has been updated to the 24.2.0 ESR security\n release.\n\n This is a major upgrade from the 17 ESR release branch.\n\n Security issues fixed:\n\n * CVE-2013-5611 Application Installation doorhanger\n persists on navigation (MFSA 2013-105)\n * CVE-2013-5609 Miscellaneous memory safety hazards\n (rv:24.2) (MFSA 2013-104)\n * CVE-2013-5610 Miscellaneous memory safety hazards\n (rv:26.0) (MFSA 2013-104)\n * CVE-2013-5612 Character encoding cross-origin XSS\n attack (MFSA 2013-106)\n * CVE-2013-5614 Sandbox restrictions not applied to\n nested object elements (MFSA 2013-107)\n * CVE-2013-5616 Use-after-free in event listeners (MFSA\n 2013-108)\n * CVE-2013-5619 Potential overflow in JavaScript binary\n search algorithms (MFSA 2013-110)\n * CVE-2013-6671 Segmentation violation when replacing\n ordered list elements (MFSA 2013-111)\n * CVE-2013-6673 Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n * CVE-2013-5613 Use-after-free in synthetic mouse\n movement (MFSA 2013-114)\n * CVE-2013-5615 GetElementIC typed array stubs can be\n generated outside observed typesets (MFSA 2013-115)\n * CVE-2013-6672 Linux clipboard information disclosure\n though selection paste (MFSA 2013-112)\n * CVE-2013-5618 Use-after-free during Table Editing\n (MFSA 2013-109)\n", "modified": "2013-12-19T18:04:13", "published": "2013-12-19T18:04:13", "id": "SUSE-SU-2013:1919-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "description": "This patch contains\n * mozilla-nss 3.15.3.1 which includes a certstore update\n (1.95) to explicitely revoke AC DG Tresor SSL\n intermediate CA which was misused.\n * Firefox 24.2esr\n * Thunderbird 24.2\n * Seamonkey 2.23\n\n These updates fix several security issues:\n\n * CVE-2013-5611 Mozilla: Application Installation\n doorhanger persists on navigation (MFSA 2013-105)\n * CVE-2013-5609 Mozilla: Miscellaneous memory safety\n hazards (rv:24.2) (MFSA 2013-104)\n * CVE-2013-5610 Mozilla: Miscellaneous memory safety\n hazards (rv:26.0) (MFSA 2013-104)\n * CVE-2013-5612 Mozilla: Character encoding cross-origin\n XSS attack (MFSA 2013-106)\n * CVE-2013-5614 Mozilla: Sandbox restrictions not applied\n to nested object elements (MFSA 2013-107)\n * CVE-2013-5616 Mozilla: Use-after-free in event listeners\n (MFSA 2013-108)\n * CVE-2013-5619 Mozilla: Potential overflow in JavaScript\n binary search algorithms (MFSA 2013-110)\n * CVE-2013-6671 Mozilla: Segmentation violation when\n replacing ordered list elements (MFSA 2013-111)\n * CVE-2013-6673 Mozilla: Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n * CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse\n movement (MFSA 2013-114)\n * CVE-2013-5615 Mozilla: GetElementIC typed array stubs can\n be generated outside observed typesets (MFSA 2013-115)\n * CVE-2013-6672 Mozilla: Linux clipboard information\n disclosure though selection paste (MFSA 2013-112)\n * CVE-2013-5618 Mozilla: Use-after-free during Table\n Editing (MFSA 2013-109)\n\n", "modified": "2013-12-13T15:04:36", "published": "2013-12-13T15:04:36", "id": "OPENSUSE-SU-2013:1871-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00004.html", "type": "suse", "title": "Mozilla updates 2013/12 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:41:52", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804040", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_dec13_macosx.nasl 33846 2013-12-23 16:51:47Z dec$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804040\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\",\n \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\",\n \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64214, 64205, 64203, 64207, 64216, 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 16:51:47 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 26.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 26.0 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"26.0\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:41:47", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-12-24T00:00:00", "id": "OPENVAS:1361412562310804039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804039", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_dec13_win.nasl 33846 2013-12-24 12:51:53Z dec$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804039\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\",\n \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\",\n \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64214, 64205, 64203, 64207, 64216, 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-24 12:51:53 +0530 (Tue, 24 Dec 2013)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 26.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 26.0 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"26.0\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:41:35", "bulletinFamily": "scanner", "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804046", "title": "SeaMonkey Multiple Vulnerabilities-01 Dec13 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_dec13_macosx.nasl 33846 2013-12-23 18:38:58Z dec$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Dec13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804046\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\",\n \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\",\n \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64205, 64203, 64207, 64216,\n 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 18:38:58 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Dec13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.23 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.23 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.23\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:41:28", "bulletinFamily": "scanner", "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804045", "title": "SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_dec13_win.nasl 33846 2013-12-23 18:34:28Z dec$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804045\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\",\n \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\",\n \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64205, 64203, 64207, 64216,\n 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 18:34:28 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.23 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.23 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.23\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:10:27", "bulletinFamily": "scanner", "description": "Check for the Version of thunderbird", "modified": "2018-01-22T00:00:00", "published": "2013-12-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841653", "id": "OPENVAS:841653", "title": "Ubuntu Update for thunderbird USN-2053-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2053_1.nasl 8483 2018-01-22 06:58:04Z teissa $\n#\n# Ubuntu Update for thunderbird USN-2053-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841653);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:07:42 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-6671\",\n \"CVE-2013-6673\", \"CVE-2013-5613\", \"CVE-2013-5615\", \"CVE-2013-6629\",\n \"CVE-2013-6630\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for thunderbird USN-2053-1\");\n\n tag_insight = \"Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler\ndiscovered multiple memory safety issues in Thunderbird. If a user were\ntricked in to opening a specially crafted message with scripting enabled, an\nattacker could potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2013-5609)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. If a user had enabled scripting, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2013-5618)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting\nan ordered list in to a document using script. If a user had enabled\nscripting, an attacker could potentially exploit this to execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2013-6671)\n\nSijie Xia discovered that trust settings for built-in EV root certificates\nwere ignored under certain circumstances, removing the ability for a user\nto manually untrust certificates from specific authorities.\n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. If a\nuser had enabled scripting, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated\noutside observed typesets. If a user had enabled scripting, an attacker\ncould possibly exploit this to cause undefined behaviour with a potential\nsecurity impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive information.\n(CVE-2013-6629, CVE-2013-6630)\";\n\n tag_affected = \"thunderbird on Ubuntu 13.10 ,\n Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2053-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2053-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.13.04.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310841653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841653", "title": "Ubuntu Update for thunderbird USN-2053-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2053_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-2053-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841653\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:07:42 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-6671\",\n \"CVE-2013-6673\", \"CVE-2013-5613\", \"CVE-2013-5615\", \"CVE-2013-6629\",\n \"CVE-2013-6630\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for thunderbird USN-2053-1\");\n\n\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 13.10,\n Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler\ndiscovered multiple memory safety issues in Thunderbird. If a user were\ntricked in to opening a specially crafted message with scripting enabled, an\nattacker could potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2013-5609)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. If a user had enabled scripting, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2013-5618)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting\nan ordered list in to a document using script. If a user had enabled\nscripting, an attacker could potentially exploit this to execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2013-6671)\n\nSijie Xia discovered that trust settings for built-in EV root certificates\nwere ignored under certain circumstances, removing the ability for a user\nto manually untrust certificates from specific authorities.\n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. If a\nuser had enabled scripting, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Thunderbird. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated\noutside observed typesets. If a user had enabled scripting, an attacker\ncould possibly exploit this to cause undefined behaviour with a potential\nsecurity impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive information.\n(CVE-2013-6629, CVE-2013-6630)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2053-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2053-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.10|12\\.04 LTS|13\\.10|13\\.04)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.2.0+build1-0ubuntu0.13.04.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:15:00", "bulletinFamily": "scanner", "description": "Check for the Version of Mozilla", "modified": "2017-12-08T00:00:00", "published": "2013-12-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850559", "id": "OPENVAS:850559", "title": "SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_1871_1.nasl 8045 2017-12-08 08:39:37Z santu $\n#\n# SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850559);\n script_version(\"$Revision: 8045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:39:37 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:03:27 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5613\", \"CVE-2013-5615\",\n \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-6629\", \"CVE-2013-6630\",\n \"CVE-2013-6671\", \"CVE-2013-6673\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5619\", \"CVE-2013-6672\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)\");\n\n tag_insight = \"\n This patch contains\n * mozilla-nss 3.15.3.1 which includes a certstore update\n (1.95) to explicitely revoke AC DG Tresor SSL\n intermediate CA which was misused.\n * Firefox 24.2esr\n * Thunderbird 24.2\n * Seamonkey 2.23\n\n These updates fix several security issues:\n\n * CVE-2013-5611 Mozilla: Application Installation\n doorhanger persists on navigation (MFSA 2013-105)\n * CVE-2013-5609 Mozilla: Miscellaneous memory safety\n hazards (rv:24.2) (MFSA 2013-104)\n * CVE-2013-5610 Mozilla: Miscellaneous memory safety\n hazards (rv:26.0) (MFSA 2013-104)\n * CVE-2013-5612 Mozilla: Character encoding cross-origin\n XSS attack (MFSA 2013-106)\n * CVE-2013-5614 Mozilla: Sandbox restrictions not applied\n to nested object elements (MFSA 2013-107)\n * CVE-2013-5616 Mozilla: Use-after-free in event listeners\n (MFSA 2013-108)\n * CVE-2013-5619 Mozilla: Potential overflow in JavaScript\n binary search algorithms (MFSA 2013-110)\n * CVE-2013-6671 Mozilla: Segmentation violation when\n replacing ordered list elements (MFSA 2013-111)\n * CVE-2013-6673 Mozilla: Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n * CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse\n movement (MFSA 2013-114)\n * CVE-2013-5615 Mozilla: GetElementIC typed array stubs can\n be generated outside observed typesets (MFSA 2013-115)\n * CVE-2013-6672 Mozilla: Linux clipboard information\n disclosure though selection paste (MFSA 2013-112)\n * CVE-2013-5618 Mozilla: Use-after-free during Table\n Editing (MFSA 2013-109)\";\n\n tag_affected = \"Mozilla on openSUSE 11.4\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:1871_1\");\n script_summary(\"Check for the Version of Mozilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.6.0+24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-x86\", rpm:\"libfreebl3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-x86\", rpm:\"libsoftokn3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-x86\", rpm:\"mozilla-nss-certs-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-x86\", rpm:\"mozilla-nss-certs-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-x86\", rpm:\"mozilla-nss-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-x86\", rpm:\"mozilla-nss-sysinit-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-x86\", rpm:\"mozilla-nss-sysinit-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310841651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841651", "title": "Ubuntu Update for firefox USN-2052-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2052_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for firefox USN-2052-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841651\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:05:51 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\",\n \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2013-5613\",\n \"CVE-2013-5615\", \"CVE-2013-6629\", \"CVE-2013-6630\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2052-1\");\n\n\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 13.10,\n Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler\nand Christoph Diehl discovered multiple memory safety issues in Firefox. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding\ninformation can inherit character encodings across navigations from\nanother domain. An attacker could potentially exploit this to conduct\ncross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this\nis issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting\nan ordered list in to a document using script. An attacker could\npotentially exploit this to execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data\nunder certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates\nwere ignored under certain circumstances, removing the ability for a user\nto manually untrust certificates from specific authorities.\n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2052-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2052-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.10|12\\.04 LTS|13\\.10|13\\.04)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.10.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.10.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.04.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310850559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850559", "title": "SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_1871_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850559\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:03:27 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5613\", \"CVE-2013-5615\",\n \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-6629\", \"CVE-2013-6630\",\n \"CVE-2013-6671\", \"CVE-2013-6673\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5619\", \"CVE-2013-6672\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)\");\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE 11.4\");\n script_tag(name:\"insight\", value:\"This patch contains\n\n * mozilla-nss 3.15.3.1 which includes a certstore update\n (1.95) to explicitly revoke AC DG Tresor SSL\n intermediate CA which was misused.\n\n * Firefox 24.2esr\n\n * Thunderbird 24.2\n\n * Seamonkey 2.23\n\n These updates fix several security issues:\n\n * CVE-2013-5611 Mozilla: Application Installation\n doorhanger persists on navigation (MFSA 2013-105)\n\n * CVE-2013-5609 Mozilla: Miscellaneous memory safety\n hazards (rv:24.2) (MFSA 2013-104)\n\n * CVE-2013-5610 Mozilla: Miscellaneous memory safety\n hazards (rv:26.0) (MFSA 2013-104)\n\n * CVE-2013-5612 Mozilla: Character encoding cross-origin\n XSS attack (MFSA 2013-106)\n\n * CVE-2013-5614 Mozilla: Sandbox restrictions not applied\n to nested object elements (MFSA 2013-107)\n\n * CVE-2013-5616 Mozilla: Use-after-free in event listeners\n (MFSA 2013-108)\n\n * CVE-2013-5619 Mozilla: Potential overflow in JavaScript\n binary search algorithms (MFSA 2013-110)\n\n * CVE-2013-6671 Mozilla: Segmentation violation when\n replacing ordered list elements (MFSA 2013-111)\n\n * CVE-2013-6673 Mozilla: Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n\n * CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse\n movement (MFSA 2013-114)\n\n * CVE-2013-5615 Mozilla: GetElementIC typed array stubs can\n be generated outside observed typesets (MFSA 2013-115)\n\n * CVE-2013-6672 Mozilla: Linux clipboard information\n disclosure though selection paste (MFSA 2013-112)\n\n * CVE-2013-5618 Mozilla: Use-after-free during Table\n Editing (MFSA 2013-109)\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:1871_1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.6.0+24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-x86\", rpm:\"libfreebl3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-x86\", rpm:\"libsoftokn3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-x86\", rpm:\"mozilla-nss-certs-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-x86\", rpm:\"mozilla-nss-certs-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-x86\", rpm:\"mozilla-nss-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-x86\", rpm:\"mozilla-nss-sysinit-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-x86\", rpm:\"mozilla-nss-sysinit-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-24T11:10:03", "bulletinFamily": "scanner", "description": "Check for the Version of firefox", "modified": "2018-01-24T00:00:00", "published": "2013-12-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841651", "id": "OPENVAS:841651", "title": "Ubuntu Update for firefox USN-2052-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2052_1.nasl 8509 2018-01-24 06:57:46Z teissa $\n#\n# Ubuntu Update for firefox USN-2052-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841651);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:05:51 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\",\n \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2013-5613\",\n \"CVE-2013-5615\", \"CVE-2013-6629\", \"CVE-2013-6630\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2052-1\");\n\n tag_insight = \"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler\nand Christoph Diehl discovered multiple memory safety issues in Firefox. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding\ninformation can inherit character encodings across navigations from\nanother domain. An attacker could potentially exploit this to conduct\ncross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this\nis issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting\nan ordered list in to a document using script. An attacker could\npotentially exploit this to execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data\nunder certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates\nwere ignored under certain circumstances, removing the ability for a user\nto manually untrust certificates from specific authorities.\n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"firefox on Ubuntu 13.10 ,\n Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2052-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2052-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.10.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.10.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.04.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:17:45", "bulletinFamily": "scanner", "description": "Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). (CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). (CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). (CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). (CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)", "modified": "2013-12-20T00:00:00", "published": "2013-12-20T00:00:00", "id": "SUSE_11_FIREFOX24-201312-131216.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71560", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71560);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/12/20 11:45:49 $\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). (CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). (CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). (CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). (CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-107.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-111.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-112.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-115.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5610.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5611.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5612.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5613.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5614.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5615.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5616.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5618.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5619.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6671.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6673.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8657.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:45", "bulletinFamily": "scanner", "description": "Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). (CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). (CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). (CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). (CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)", "modified": "2013-12-20T00:00:00", "published": "2013-12-20T00:00:00", "id": "SUSE_11_FIREFOX24-201312-131215.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71559", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71559);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/12/20 11:45:49 $\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). (CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). (CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). (CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). (CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-107.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-111.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-112.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-115.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5610.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5611.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5612.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5613.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5614.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5615.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5616.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5618.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5619.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6671.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6673.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8657.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:42", "bulletinFamily": "scanner", "description": "The installed version of SeaMonkey is earlier than 2.23 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n result in a denial of service or arbitrary code\n execution. (CVE-2013-5609, CVE-2013-5610)\n\n - Cross-site scripting filtering evasion may be possible\n due to character encodings being inherited from a\n previously visited website when character set encoding\n is missing from the current website. (CVE-2013-5612)\n\n - Two use-after-free vulnerabilities exist in the\n functions for synthetic mouse movement handling.\n (CVE-2013-5613)\n\n - Sandbox restrictions may be bypassed because 'iframe\n sandbox' restrictions are not properly applied to\n 'object' elements in sandboxed iframes. (CVE-2013-5614)\n\n - An issue exists in which 'GetElementIC' typed array\n stubs can be generated outside observed typesets. This\n could lead to unpredictable behavior with a potential\n security impact. (CVE-2013-5615)\n\n - A use-after-free vulnerability exists when\n interacting with event listeners from the mListeners\n array. This could result in a denial of service or\n arbitrary code execution. (CVE-2013-5616)\n\n - A use-after-free vulnerability exists in the table\n editing user interface of the editor during garbage\n collection. This could result in a denial of service or\n arbitrary code execution. (CVE-2013-5618)\n\n - Memory issues exist in the binary search algorithms in\n the SpiderMonkey JavaScript engine that could result in\n a denial of service or arbitrary code execution.\n (CVE-2013-5619)\n\n - Issues exist with the JPEG format image processing with\n Start Of Scan (SOS) and Define Huffman Table (DHT)\n markers in the 'libjpeg' library. This could allow\n attackers to read arbitrary memory content as well as\n cross-domain image theft. (CVE-2013-6629, CVE-2013-6630)\n\n - A memory issue exists when inserting an ordered list\n into a document through a script that could result in a\n denial of service or arbitrary code execution.\n (CVE-2013-6671)\n\n - Trust settings for built-in root certificates are\n ignored during extended validation (EV) certificate\n validation. This removes the ability of users to\n explicitly untrust root certificates from specific\n certificate authorities. (CVE-2013-6673)\n\n - An intermediate certificate that is used by a man-in-\n the-middle (MITM) traffic management device exists in\n Mozilla's root certificate authorities. Reportedly,\n this certificate has been misused.", "modified": "2018-07-27T00:00:00", "published": "2013-12-11T00:00:00", "id": "SEAMONKEY_223.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71349", "title": "SeaMonkey < 2.23 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71349);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2013-5609\",\n \"CVE-2013-5610\",\n \"CVE-2013-5612\",\n \"CVE-2013-5613\",\n \"CVE-2013-5614\",\n \"CVE-2013-5615\",\n \"CVE-2013-5616\",\n \"CVE-2013-5618\",\n \"CVE-2013-5619\",\n \"CVE-2013-6629\",\n \"CVE-2013-6630\",\n \"CVE-2013-6671\",\n \"CVE-2013-6673\"\n );\n script_bugtraq_id(\n 63676,\n 67679,\n 64203,\n 64204,\n 64205,\n 64206,\n 64207,\n 64209,\n 64211,\n 64212,\n 64213,\n 64215,\n 64216\n );\n\n script_name(english:\"SeaMonkey < 2.23 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of SeaMonkey is earlier than 2.23 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist in the browser engine that could\n result in a denial of service or arbitrary code\n execution. (CVE-2013-5609, CVE-2013-5610)\n\n - Cross-site scripting filtering evasion may be possible\n due to character encodings being inherited from a\n previously visited website when character set encoding\n is missing from the current website. (CVE-2013-5612)\n\n - Two use-after-free vulnerabilities exist in the\n functions for synthetic mouse movement handling.\n (CVE-2013-5613)\n\n - Sandbox restrictions may be bypassed because 'iframe\n sandbox' restrictions are not properly applied to\n 'object' elements in sandboxed iframes. (CVE-2013-5614)\n\n - An issue exists in which 'GetElementIC' typed array\n stubs can be generated outside observed typesets. This\n could lead to unpredictable behavior with a potential\n security impact. (CVE-2013-5615)\n\n - A use-after-free vulnerability exists when\n interacting with event listeners from the mListeners\n array. This could result in a denial of service or\n arbitrary code execution. (CVE-2013-5616)\n\n - A use-after-free vulnerability exists in the table\n editing user interface of the editor during garbage\n collection. This could result in a denial of service or\n arbitrary code execution. (CVE-2013-5618)\n\n - Memory issues exist in the binary search algorithms in\n the SpiderMonkey JavaScript engine that could result in\n a denial of service or arbitrary code execution.\n (CVE-2013-5619)\n\n - Issues exist with the JPEG format image processing with\n Start Of Scan (SOS) and Define Huffman Table (DHT)\n markers in the 'libjpeg' library. This could allow\n attackers to read arbitrary memory content as well as\n cross-domain image theft. (CVE-2013-6629, CVE-2013-6630)\n\n - A memory issue exists when inserting an ordered list\n into a document through a script that could result in a\n denial of service or arbitrary code execution.\n (CVE-2013-6671)\n\n - Trust settings for built-in root certificates are\n ignored during extended validation (EV) certificate\n validation. This removes the ability of users to\n explicitly untrust root certificates from specific\n certificate authorities. (CVE-2013-6673)\n\n - An intermediate certificate that is used by a man-in-\n the-middle (MITM) traffic management device exists in\n Mozilla's root certificate authorities. Reportedly,\n this certificate has been misused.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-104/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-106/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-107/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-108/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-109/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-110/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-111/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-113/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-114/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-115/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-117/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.23 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.23', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:42", "bulletinFamily": "scanner", "description": "Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler\ndiscovered multiple memory safety issues in Thunderbird. If a user\nwere tricked in to opening a specially crafted message with scripting\nenabled, an attacker could potentially exploit these to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2013-5609)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. If a user had enabled scripting, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Thunderbird. (CVE-2013-5618)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. If a user had\nenabled scripting, an attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2013-6671)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. If\na user had enabled scripting, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. If a user had enabled scripting,\nan attacker could possibly exploit this to cause undefined behaviour\nwith a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-12-12T00:00:00", "id": "UBUNTU_USN-2053-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71375", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2053-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2053-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71375);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5613\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6673\");\n script_bugtraq_id(64203, 64204, 64209, 64211, 64216);\n script_xref(name:\"USN\", value:\"2053-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2053-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler\ndiscovered multiple memory safety issues in Thunderbird. If a user\nwere tricked in to opening a specially crafted message with scripting\nenabled, an attacker could potentially exploit these to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2013-5609)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. If a user had enabled scripting, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Thunderbird. (CVE-2013-5618)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. If a user had\nenabled scripting, an attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2013-6671)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. If\na user had enabled scripting, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. If a user had enabled scripting,\nan attacker could possibly exploit this to cause undefined behaviour\nwith a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2053-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:24.2.0+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"thunderbird\", pkgver:\"1:24.2.0+build1-0ubuntu0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"thunderbird\", pkgver:\"1:24.2.0+build1-0ubuntu0.13.04.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"thunderbird\", pkgver:\"1:24.2.0+build1-0ubuntu0.13.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:44", "bulletinFamily": "scanner", "description": "New upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2013-12-18T00:00:00", "id": "FEDORA_2013-23519.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71505", "title": "Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23519.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71505);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:14 $\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_xref(name:\"FEDORA\", value:\"2013-23519\");\n\n script_name(english:\"Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124255.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4eabafc3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124256.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e57c332\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?776a9916\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox, thunderbird and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"firefox-26.0-3.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"thunderbird-24.2.0-3.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"xulrunner-26.0-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / thunderbird / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:43", "bulletinFamily": "scanner", "description": "The Mozilla Project reports :\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-105 Application Installation doorhanger persists on\nnavigation\n\nMFSA 2013-106 Character encoding cross-origin XSS attack\n\nMFSA 2013-107 Sandbox restrictions not applied to nested object\nelements\n\nMFSA 2013-108 Use-after-free in event listeners\n\nMFSA 2013-109 Use-after-free during Table Editing\n\nMFSA 2013-110 Potential overflow in JavaScript binary search\nalgorithms\n\nMFSA 2013-111 Segmentation violation when replacing ordered list\nelements\n\nMFSA 2013-112 Linux clipboard information disclosure though selection\npaste\n\nMFSA 2013-113 Trust settings for built-in roots ignored during EV\ncertificate validation\n\nMFSA 2013-114 Use-after-free in synthetic mouse movement\n\nMFSA 2013-115 GetElementIC typed array stubs can be generated outside\nobserved typesets\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-117 Mis-issued ANSSI/DCSSI certificate", "modified": "2018-11-23T00:00:00", "published": "2013-12-16T00:00:00", "id": "FREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71452", "title": "FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71452);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-105 Application Installation doorhanger persists on\nnavigation\n\nMFSA 2013-106 Character encoding cross-origin XSS attack\n\nMFSA 2013-107 Sandbox restrictions not applied to nested object\nelements\n\nMFSA 2013-108 Use-after-free in event listeners\n\nMFSA 2013-109 Use-after-free during Table Editing\n\nMFSA 2013-110 Potential overflow in JavaScript binary search\nalgorithms\n\nMFSA 2013-111 Segmentation violation when replacing ordered list\nelements\n\nMFSA 2013-112 Linux clipboard information disclosure though selection\npaste\n\nMFSA 2013-113 Trust settings for built-in roots ignored during EV\ncertificate validation\n\nMFSA 2013-114 Use-after-free in synthetic mouse movement\n\nMFSA 2013-115 GetElementIC typed array stubs can be generated outside\nobserved typesets\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-117 Mis-issued ANSSI/DCSSI certificate\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-104.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-104/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-105/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-106/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-107/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-108/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-109/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-110.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-110/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-111.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-111/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-112.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-112/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-113.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-113/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-114.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-114/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-115/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-117/\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n # https://vuxml.freebsd.org/freebsd/dd116b19-64b3-11e3-868f-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d1f23a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>25.0,1<26.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<24.2.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<26.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<24.2.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<24.2.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:42", "bulletinFamily": "scanner", "description": "Update to Firefox 26.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2013-12-12T00:00:00", "id": "FEDORA_2013-23127.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71365", "title": "Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23127.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71365);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:14 $\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"FEDORA\", value:\"2013-23127\");\n\n script_name(english:\"Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Firefox 26.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123436.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60424139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dcdf3aa2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"firefox-26.0-2.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"xulrunner-26.0-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:18:52", "bulletinFamily": "scanner", "description": "- update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2013-994.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75240", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-994.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75240);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1)\");\n script_summary(english:\"Check for the openSUSE-2013-994 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-branding-upstream-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-buildsymbols-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-debuginfo-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-debugsource-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-devel-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-translations-common-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-translations-other-26.0-1.43.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:18:54", "bulletinFamily": "scanner", "description": "This update fixes the following security issues with SeaMonkey :\n\n - update to SeaMonkey 2.23 (bnc#854370))\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - rebased patches :\n\n - mozilla-nongnome-proxies.patch\n\n - mozilla-shared-nss-db.patch", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2014-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75327", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-2.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75327);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)\");\n script_summary(english:\"Check for the openSUSE-2014-2 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues with SeaMonkey :\n\n - update to SeaMonkey 2.23 (bnc#854370))\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - rebased patches :\n\n - mozilla-nongnome-proxies.patch\n\n - mozilla-shared-nss-db.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-debuginfo-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-debugsource-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-dom-inspector-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-irc-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-translations-common-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-translations-other-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-venkman-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debuginfo-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debugsource-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-dom-inspector-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-irc-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-common-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-other-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-venkman-2.23-4.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:18:52", "bulletinFamily": "scanner", "description": "- update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2013-993.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75239", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-993.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75239);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1)\");\n script_summary(english:\"Check for the openSUSE-2013-993 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-26.0-2.67.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:58", "bulletinFamily": "unix", "description": "Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5609)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5618)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-6671)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. If a user had enabled scripting, an attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630)", "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "USN-2053-1", "href": "https://usn.ubuntu.com/2053-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:46", "bulletinFamily": "unix", "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630)", "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "USN-2052-1", "href": "https://usn.ubuntu.com/2052-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:24", "bulletinFamily": "unix", "description": "Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.", "modified": "2013-12-19T00:00:00", "published": "2013-12-19T00:00:00", "id": "USN-2060-1", "href": "https://usn.ubuntu.com/2060-1/", "title": "libjpeg, libjpeg-turbo vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "Multiple memory corruptions, XSS, information leakage, certificate check bypass.", "modified": "2013-12-23T00:00:00", "published": "2013-12-23T00:00:00", "id": "SECURITYVULNS:VULN:13460", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13460", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\nDearly beloved,\r\n\r\nSo, for one reason or another, the IJG jpeg library has gained some\r\nnotoriety as one of the most robust pieces of complex,\r\nsecurity-critical C code. Despite countless fuzzing efforts, I don&#39;t\r\nrecall any reports of serious vulnerabilities at least since the\r\nrelease of jpeg6b in 1998 &#40;that&#39;s still the most commonly-used version\r\nof that library&#41;. Compared to the track record of libraries such as\r\nlibpng or libtiff, that&#39;s quite a feat.\r\n\r\nWell, as it happens, jpeg6b and some of its optimized clones &#40;e.g.,\r\nlibjpeg-turbo&#41; will use uninitialized memory when decoding images with\r\nmissing SOS data for the luminance component &#40;Y&#41; in presence of valid\r\nchroma data &#40;Cr, Cb&#41;. Here&#39;s a nice PoC for Chrome, Firefox &amp; Safari,\r\nwith fixes shipping as we speak &#40;CVE-2013-6629&#41;:\r\n\r\nhttp://lcamtuf.coredump.cx/jpeg_leak/\r\n\r\nFunnily enough, as we were investigating this finding, we noticed that\r\nthe problem has been independently spotted back in 2003, but not\r\nrecognized as a security issue:\r\n\r\nhttp://bugs.ghostscript.com/show_bug.cgi?id=686980\r\n\r\nThe patch developed by Ghotscript folks to fix rendering problems with\r\na particular document apparently ended up in limbo until 2013, at\r\nwhich point it was incorporated into a relatively little-used version\r\n9 of IJG jpeg. As far as I can tell, there are no changelog entries\r\nassociated with this fix.\r\n\r\nAnyway, if you&#39;re using libjpeg-turbo, jpeg6b, or any derived code,\r\nyou probably want to backport the changes to get_sos&#40;&#41; in jdmarker.c.\r\nLook for the section that talks about checking for unique component\r\nIDs. A new version of libjpeg-turbo will probably fix this upstream\r\nsoon. I wouldn&#39;t expect upstream fixes to jpeg6b itself.\r\n\r\n...\r\n\r\nWhile we&#39;re on the topic of JPEG libraries... a bit less\r\ninterestingly, there is also a separate but similar issue in the\r\nhandling of Huffman tables in libjpeg-turbo. This one apparently does\r\nnot affect IJG jpeg, and doesn&#39;t such a colorful history to go with\r\nit. A raw image illustrating the problem &#40;CVE-2013-6630&#41; is here:\r\n\r\nhttp://lcamtuf.coredump.cx/jpeg_leak/turbo-dht.jpg\r\n\r\nA simple fix for this is to locate get_dht in jdmarker.c and make sure\r\nthat the huffval[] table is zeroed before use.\r\n\r\n...\r\n\r\nWell, that&#39;s it. As far as the impact goes, similar info leaks have\r\nbeen previously shown to allow a variety of things in the browser\r\nenvironment, including cookie theft or bypassing ASLR; see\r\nhttp://vexillium.org/?sec-ff for one cool example.\r\n\r\nThe general case of code that performs one-shot image conversions in a\r\nseparate process is of minimal concern; in-process or multi-shot\r\nconversions can be problematic. Converters that do not directly decode\r\nuser-supplied JPEGs should be OK.\r\n\r\nPS. If you&#39;re interested about the tool used to generate and isolate\r\nthese inputs, check out http://code.google.com/p/american-fuzzy-lop/\r\n\r\n/mz\r\n", "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "SECURITYVULNS:DOC:30065", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30065", "title": "bugs in IJG jpeg6b &amp; libjpeg-turbo", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:53", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2013-116 JPEG information leak\nMFSA 2013-105 Application Installation doorhanger persists on\n\t navigation\nMFSA 2013-106 Character encoding cross-origin XSS attack\nMFSA 2013-107 Sandbox restrictions not applied to nested object\n\t elements\nMFSA 2013-108 Use-after-free in event listeners\nMFSA 2013-109 Use-after-free during Table Editing\nMFSA 2013-110 Potential overflow in JavaScript binary search\n\t algorithms\nMFSA 2013-111 Segmentation violation when replacing ordered list\n\t elements\nMFSA 2013-112 Linux clipboard information disclosure though\n\t selection paste\nMFSA 2013-113 Trust settings for built-in roots ignored during EV\n\t certificate validation\nMFSA 2013-114 Use-after-free in synthetic mouse movement\nMFSA 2013-115 GetElementIC typed array stubs can be generated\n\t outside observed typesets\nMFSA 2013-116 JPEG information leak\nMFSA 2013-117 Mis-issued ANSSI/DCSSI certificate\n\n", "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "DD116B19-64B3-11E3-868F-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/dd116b19-64b3-11e3-868f-0025905a4771.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:17", "bulletinFamily": "unix", "description": "[24.2.0-1.0.1.el6_4]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Build with nspr-devel >= 4.10.0 to fix build failure\n[24.2.0-1]\n- Update to 24.2.0 ESR\n[24.1.0-4]\n- Fixed mozbz#938730 - avoid mix of memory allocators (crashes)\n when using system sqlite\n[24.1.0-3]\n- Fixed locale pickup (rhbz#1034541)\n[24.1.0-2]\n- Fixed package reinstall issue\n[24.1.0-1]\n- Update to 24.1.0 ESR\n[24.0-0.1]\n- Update to 24.0 ESR", "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "ELSA-2013-1812", "href": "http://linux.oracle.com/errata/ELSA-2013-1812.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:42:43", "bulletinFamily": "unix", "description": "[24.2.0-1.0.1.el6_5]\r\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\r\n- Make sure build with nspr-devel >= 4.10.0\r\n \n[24.2.0-1]\r\n- Update to 24.2.0 ESR\r\n \n[24.1.0-1]\r\n- Update to 24.1.0 ESR", "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "ELSA-2013-1823", "href": "http://linux.oracle.com/errata/ELSA-2013-1823.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:59", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1812\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to terminate\nunexpectedly or, potentially, execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618,\nCVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Firefox rendered web content with missing\ncharacter encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross-site scripting (XSS)\nattacks. (CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2013-5614)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.2.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/020067.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/020073.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1812.html", "modified": "2013-12-13T00:08:28", "published": "2013-12-11T11:44:39", "href": "http://lists.centos.org/pipermail/centos-announce/2013-December/020067.html", "id": "CESA-2013:1812", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:01", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1823\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Thunderbird rendered web content with missing\ncharacter encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross site-scripting (XSS)\nattacks. (CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2013-5614)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.2.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.2.0 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/020068.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/020072.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1823.html", "modified": "2013-12-13T00:07:12", "published": "2013-12-11T23:13:52", "href": "http://lists.centos.org/pipermail/centos-announce/2013-December/020068.html", "id": "CESA-2013:1823", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:26", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to terminate\nunexpectedly or, potentially, execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618,\nCVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Firefox rendered web content with missing\ncharacter encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross-site scripting (XSS)\nattacks. (CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2013-5614)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.2.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:37", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1812", "href": "https://access.redhat.com/errata/RHSA-2013:1812", "type": "redhat", "title": "(RHSA-2013:1812) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:18", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Thunderbird rendered web content with missing\ncharacter encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross site-scripting (XSS)\nattacks. (CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2013-5614)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.2.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.2.0 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:20", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1823", "href": "https://access.redhat.com/errata/RHSA-2013:1823", "type": "redhat", "title": "(RHSA-2013:1823) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-04-18T15:54:11", "bulletinFamily": "NVD", "description": "The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.", "modified": "2016-10-03T21:59:21", "published": "2013-11-18T23:50:56", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6630", "id": "CVE-2013-6630", "title": "CVE-2013-6630", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-18T15:54:06", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.", "modified": "2016-12-21T21:59:03", "published": "2013-12-11T10:55:12", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5616", "id": "CVE-2013-5616", "title": "CVE-2013-5616", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:14:12", "bulletinFamily": "NVD", "description": "Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.", "modified": "2018-10-30T12:27:37", "published": "2013-12-11T10:55:13", "id": "CVE-2013-6672", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6672", "title": "CVE-2013-6672", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:14:12", "bulletinFamily": "NVD", "description": "Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.", "modified": "2018-10-30T12:27:37", "published": "2013-12-11T10:55:13", "id": "CVE-2013-6673", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6673", "title": "CVE-2013-6673", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:54:06", "bulletinFamily": "NVD", "description": "The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.", "modified": "2016-12-21T21:59:03", "published": "2013-12-11T10:55:12", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5615", "id": "CVE-2013-5615", "title": "CVE-2013-5615", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:06", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2016-12-21T21:59:02", "published": "2013-12-11T10:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5610", "id": "CVE-2013-5610", "title": "CVE-2013-5610", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:06", "bulletinFamily": "NVD", "description": "Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.", "modified": "2016-12-21T21:59:03", "published": "2013-12-11T10:55:12", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5614", "id": "CVE-2013-5614", "title": "CVE-2013-5614", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-01T05:14:12", "bulletinFamily": "NVD", "description": "Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.", "modified": "2018-10-30T12:27:37", "published": "2013-12-11T10:55:12", "id": "CVE-2013-5611", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5611", "title": "CVE-2013-5611", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:12", "bulletinFamily": "NVD", "description": "Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.", "modified": "2018-10-30T12:27:37", "published": "2013-12-11T10:55:13", "id": "CVE-2013-5619", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5619", "title": "CVE-2013-5619", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:54:06", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.", "modified": "2016-12-21T21:59:03", "published": "2013-12-11T10:55:12", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5613", "id": "CVE-2013-5613", "title": "CVE-2013-5613", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:24", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 440213 (BIG-IP), ID 572613 (BIG-IQ), and ID 572614 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H59503294 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP DNS| 12.0.0| 12.1.0| Low| libjpeg-turbo* \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libjpeg \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| libjpeg \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| libjpeg \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| libjpeg \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| libjpeg \nBIG-IQ ADC| 4.5.0| None| Low| libjpeg \nBIG-IQ Centralized Management| 4.6.0| None| Low| libjpeg \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| libjpeg \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n*The libjpeg-turbo package is installed on the BIG-IP system starting with version 12.0.0. BIG-IP versions prior to 12.0.0 only contain the libjpeg package.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "modified": "2017-04-12T17:06:00", "published": "2016-02-19T11:29:00", "id": "F5:K59503294", "href": "https://support.f5.com/csp/article/K59503294", "title": "libjpeg vulnerability CVE-2013-6629", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:04", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 572277 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H62655427 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| Low| libjpeg-turbo \nBIG-IP AAM| 12.0.0| 11.4.0 - 11.6.0*| Low| libjpeg-turbo \nBIG-IP AFM| 12.0.0| 11.3.0 - 11.6.0*| Low| libjpeg-turbo \nBIG-IP Analytics| 12.0.0| 11.0.0 - 11.6.0*| Low| libjpeg-turbo \nBIG-IP APM| 12.0.0| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| Low| libjpeg-turbo \nBIG-IP ASM| 12.0.0| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| Low| libjpeg-turbo \nBIG-IP DNS| 12.0.0| None| Low| libjpeg-turbo \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| Not vulnerable| None \nBIG-IP Link Controller| 12.0.0| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| Low| libjpeg-turbo \nBIG-IP PEM| 12.0.0| 11.3.0 - 11.6.0*| Low| libjpeg-turbo \nBIG-IP PSM| None| 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4*| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n*The libjpeg-turbo package is installed on the BIG-IP system starting with version 12.0.0. BIG-IP versions prior to 12.0.0 do not contain the libjpeg-turbo package.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "modified": "2017-04-12T17:05:00", "published": "2016-02-19T10:26:00", "href": "https://support.f5.com/csp/article/K62655427", "id": "F5:K62655427", "type": "f5", "title": "libjpeg-turbo vulnerability CVE-2013-6630", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:09", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-02-18T00:00:00", "published": "2016-02-18T00:00:00", "id": "SOL62655427", "href": "http://support.f5.com/kb/en-us/solutions/public/k/62/sol62655427.html", "type": "f5", "title": "SOL62655427 - libjpeg-turbo vulnerability CVE-2013-6630", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:18", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "modified": "2016-05-23T00:00:00", "published": "2016-02-19T00:00:00", "id": "SOL59503294", "href": "http://support.f5.com/kb/en-us/solutions/public/k/59/sol59503294.html", "type": "f5", "title": "SOL59503294 - libjpeg vulnerability CVE-2013-6629", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "symantec": [{"lastseen": "2018-03-14T22:43:09", "bulletinFamily": "software", "description": "### Description\n\nlibjpeg and libjpeg-turbo libraries are prone to a memory-corruption vulnerability. Attackers can exploit this issue to bypass Address Space Layout Randomization (ASLR) protection mechanisms of applications. This may aid in further attacks that may lead to arbitrary code execution.\n\n### Technologies Affected\n\n * Apple Apple TV 1.0 \n * Apple Apple TV 1.1.0 \n * Apple Apple TV 2.0.0 \n * Apple Apple TV 2.0.1 \n * Apple Apple TV 2.0.2 \n * Apple Apple TV 2.1 \n * Apple Apple TV 2.2.0 \n * Apple Apple TV 2.3.0 \n * Apple Apple TV 2.3.1 \n * Apple Apple TV 2.4.0 \n * Apple Apple TV 3.0.0 \n * Apple Apple TV 3.0.1 \n * Apple Apple TV 3.0.2 \n * Apple Apple TV 4.0 \n * Apple Apple TV 4.1 \n * Apple Apple TV 4.1.0 \n * Apple Apple TV 4.1.1 \n * Apple Apple TV 4.2 \n * Apple Apple TV 4.2.0 \n * Apple Apple TV 4.2.1 \n * Apple Apple TV 4.2.2 \n * Apple Apple TV 4.3 \n * Apple Apple TV 4.3.0 \n * Apple Apple TV 4.4 \n * Apple Apple TV 4.4.0 \n * Apple Apple TV 4.4.2 \n * Apple Apple TV 4.4.3 \n * Apple Apple TV 4.4.4 \n * Apple Apple TV 5.0 \n * Apple Apple TV 5.0.0 \n * Apple Apple TV 5.0.1 \n * Apple Apple TV 5.0.2 \n * Apple Apple TV 5.1 \n * Apple Apple TV 5.1.0 \n * Apple Apple TV 5.1.1 \n * Apple Apple TV 5.2 \n * Apple Apple TV 5.2.1 \n * Apple Apple TV 6.0 \n * Apple Apple TV 6.0.1 \n * Apple Apple TV 6.0.2 \n * Apple Mac OS X 10.7.5 \n * Apple Mac OS X 10.8.5 \n * Apple Mac OS X 10.9 \n * Apple Mac OS X 10.9.1 \n * Apple Mac OS X Server 10.7.5 \n * Apple iOS 2.0 \n * Apple iOS 2.1 \n * Apple iOS 3.0 \n * Apple iOS 3.1 \n * Apple iOS 3.2 \n * Apple iOS 3.2.1 \n * Apple iOS 3.2.2 \n * Apple iOS 4 \n * Apple iOS 4.0.1 \n * Apple iOS 4.0.2 \n * Apple iOS 4.1 \n * Apple iOS 4.2 \n * Apple iOS 4.2 beta \n * Apple iOS 4.2.1 \n * Apple iOS 4.2.10 \n * Apple iOS 4.2.5 \n * Apple iOS 4.2.6 \n * Apple iOS 4.2.7 \n * Apple iOS 4.2.8 \n * Apple iOS 4.2.9 \n * Apple iOS 4.3 \n * Apple iOS 4.3.1 \n * Apple iOS 4.3.2 \n * Apple iOS 4.3.3 \n * Apple iOS 4.3.4 \n * Apple iOS 4.3.5 \n * Apple iOS 5 \n * Apple iOS 5.0.1 \n * Apple iOS 5.1 \n * Apple iOS 5.1.1 \n * Apple iOS 6 \n * Apple iOS 6 Beta 4 \n * Apple iOS 6 for Developer \n * Apple iOS 6.0.1 \n * Apple iOS 6.0.2 \n * Apple iOS 6.1 \n * Apple iOS 6.1.3 \n * Apple iOS 6.1.4 \n * Apple iOS 6.1.6 \n * Apple iOS 6.3.1 \n * Apple iOS 7 \n * Apple iOS 7.0.1 \n * Apple iOS 7.0.2 \n * Apple iOS 7.0.3 \n * Apple iOS 7.0.4 \n * Apple iOS 7.0.6 \n * Apple iPad \n * Apple iPhone 4.0 \n * Apple iPhone 5.1 \n * Apple iPod Touch \n * Avant Browser Avant Browser 2013 build 115 \n * Avant Force Avant Browser 2013 build 117 \n * Avant Force Avant Browser 2013 build 118 \n * Avant Force Avant Browser 2013 build 119 \n * Avaya Aura Application Enablement Services 5.0 \n * Avaya Aura Application Enablement Services 5.2 \n * Avaya Aura Application Enablement Services 5.2.1 \n * Avaya Aura Application Enablement Services 5.2.2 \n * Avaya Aura Application Enablement Services 5.2.3 \n * Avaya Aura Application Enablement Services 5.2.4 \n * Avaya Aura Application Enablement Services 6.0 \n * Avaya Aura Application Enablement Services 6.1 \n * Avaya Aura Application Enablement Services 6.1.1 \n * Avaya Aura Application Enablement Services 6.1.2 \n * Avaya Aura Application Enablement Services 6.2 \n * Avaya Aura Application Server 5300 SIP Core 2.0 \n * Avaya Aura Application Server 5300 SIP Core 2.1 \n * Avaya Aura Application Server 5300 SIP Core 3.0 \n * Avaya Aura Collaboration Environment 2.0 \n * Avaya Aura Communication Manager 5.2 \n * Avaya Aura Communication Manager 5.2.1 \n * Avaya Aura Communication Manager Utility Services 1.1 \n * Avaya Aura Communication Manager Utility Services 6.0 \n * Avaya Aura Communication Manager Utility Services 6.1 \n * Avaya Aura Communication Manager Utility Services 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.2 \n * Avaya Aura Communication Manager Utility Services 6.2.4.0.15 \n * Avaya Aura Communication Manager Utility Services 6.2.5.0.15 \n * Avaya Aura Communication Manager Utility Services 6.3 \n * Avaya Aura Conferencing 6.0 SP1 Standard \n * Avaya Aura Conferencing 6.0 Standard \n * Avaya Aura Conferencing 7.0 \n * Avaya Aura Experience Portal 6.0 \n * Avaya Aura Experience Portal 6.0.1 \n * Avaya Aura Experience Portal 6.0.2 \n * Avaya Aura Experience Portal 7.0 \n * Avaya Aura Messaging 6.0 \n * Avaya Aura Messaging 6.0.1 \n * Avaya Aura Messaging 6.1 \n * Avaya Aura Messaging 6.1.1 \n * Avaya Aura Messaging 6.2 \n * Avaya Aura Presence Services 6.0 \n * Avaya Aura Presence Services 6.1 \n * Avaya Aura Presence Services 6.1 SP1 \n * Avaya Aura Presence Services 6.1.1 \n * Avaya Aura Presence Services 6.1.2 \n * Avaya Aura Session Manager 5.2 \n * Avaya Aura Session Manager 5.2 SP1 \n * Avaya Aura Session Manager 5.2 SP2 \n * Avaya Aura Session Manager 5.2.1 \n * Avaya Aura Session Manager 5.2.4 \n * Avaya Aura Session Manager 6.0 \n * Avaya Aura Session Manager 6.0 SP1 \n * Avaya Aura Session Manager 6.0.1 \n * Avaya Aura Session Manager 6.0.2 \n * Avaya Aura Session Manager 6.1 \n * Avaya Aura Session Manager 6.1 SP1 \n * Avaya Aura Session Manager 6.1 SP2 \n * Avaya Aura Session Manager 6.1.1 \n * Avaya Aura Session Manager 6.1.2 \n * Avaya Aura Session Manager 6.1.3 \n * Avaya Aura Session Manager 6.1.5 \n * Avaya Aura Session Manager 6.2 \n * Avaya Aura Session Manager 6.2 SP1 \n * Avaya Aura Session Manager 6.2.1 \n * Avaya Aura Session Manager 6.2.2 \n * Avaya Aura Session Manager 6.2.3 \n * Avaya Aura Session Manager 6.3 \n * Avaya Aura Session Manager 6.3.1 \n * Avaya Aura System Manager 5.2 \n * Avaya Aura System Manager 6.0 \n * Avaya Aura System Manager 6.0 SP1 \n * Avaya Aura System Manager 6.1 \n * Avaya Aura System Manager 6.1 SP1 \n * Avaya Aura System Manager 6.1 SP2 \n * Avaya Aura System Manager 6.1.1 \n * Avaya Aura System Manager 6.1.2 \n * Avaya Aura System Manager 6.1.3 \n * Avaya Aura System Manager 6.1.5 \n * Avaya Aura System Manager 6.2 \n * Avaya Aura System Manager 6.2 SP3 \n * Avaya Aura System Manager 6.2.3 \n * Avaya Aura System Manager 6.3 \n * Avaya Aura System Platform 1.0 \n * Avaya Aura System Platform 1.1 \n * Avaya Aura System Platform 6.0.1 \n * Avaya Aura System Platform 6.0.2 \n * Avaya Aura System Platform 6.0.3.0.3 \n * Avaya Aura System Platform 6.0.3.8.3 \n * Avaya Aura System Platform 6.0.3.9.3 \n * Avaya Aura System Platform 6.2 \n * Avaya Aura System Platform 6.2.1 \n * Avaya Aura System Platform 6.2.1.0.9 \n * Avaya Aura System Platform 6.2.2 \n * Avaya Aura System Platform 6.3 \n * Avaya CMS R17ac.g \n * Avaya CMS R17ac.h \n * Avaya Communication Server 1000E 6.0 \n * Avaya Communication Server 1000E 7.0 \n * Avaya Communication Server 1000E 7.5 \n * Avaya Communication Server 1000E 7.6 \n * Avaya Communication Server 1000E Signaling Server 7.0 \n * Avaya Communication Server 1000E Signaling Server 7.5 \n * Avaya Communication Server 1000M 6.0 \n * Avaya Communication Server 1000M 7.0 \n * Avaya Communication Server 1000M 7.5 \n * Avaya Communication Server 1000M 7.6 \n * Avaya Communication Server 1000M Signaling Server 7.0 \n * Avaya Communication Server 1000M Signaling Server 7.5 \n * Avaya Conferencing Standard Edition 6.0 \n * Avaya Conferencing Standard Edition 6.0.1 \n * Avaya IP Office Application Server 8.0 \n * Avaya IP Office Application Server 8.1 \n * Avaya IP Office Server Edition 8.1 \n * Avaya IQ 5 \n * Avaya IQ 5.1 \n * Avaya IQ 5.1.1 \n * Avaya IQ 5.2 \n * Avaya Meeting Exchange 6.0 \n * Avaya Meeting Exchange 6.2 \n * Avaya Messaging Application Server 5.2 \n * Avaya Messaging Application Server 5.2.1 \n * Avaya Messaging Message Storage Server 5.2.1 \n * Avaya Proactive Contact 5.0 \n * Avaya Proactive Contact 5.1 \n * Avaya Voice Portal 5.0 \n * Avaya Voice Portal 5.1 \n * Avaya Voice Portal 5.1.1 \n * Avaya Voice Portal 5.1.2 \n * Avaya Voice Portal 5.1.3 \n * Avaya one-X Client Enablement Services 6.1.1 \n * Avaya one-X Client Enablement Services 6.1.2 \n * Avaya one-X Client Enablement Services 6.2 \n * CentOS CentOS 5 \n * CentOS CentOS 6 \n * Debian Linux 6.0 amd64 \n * Debian Linux 6.0 arm \n * Debian Linux 6.0 ia-32 \n * Debian Linux 6.0 ia-64 \n * Debian Linux 6.0 mips \n * Debian Linux 6.0 powerpc \n * Debian Linux 6.0 s/390 \n * Debian Linux 6.0 sparc \n * Fedoraproject Fedora 18 \n * Fedoraproject Fedora 19 \n * Fedoraproject Fedora 20 \n * Gentoo Linux \n * Google Chrome 0.2.152.1 \n * Google Chrome 0.2.153.1 \n * Google Chrome 0.3.154 9 \n * Google Chrome 0.3.154.0 \n * Google Chrome 0.3.154.3 \n * Google Chrome 0.4.154.18 \n * Google Chrome 0.4.154.22 \n * Google Chrome 0.4.154.31 \n * Google Chrome 0.4.154.33 \n * Google Chrome 1.0.154.36 \n * Google Chrome 1.0.154.39 \n * Google Chrome 1.0.154.42 \n * Google Chrome 1.0.154.43 \n * Google Chrome 1.0.154.46 \n * Google Chrome 1.0.154.48 \n * Google Chrome 1.0.154.52 \n * Google Chrome 1.0.154.53 \n * Google Chrome 1.0.154.55 \n * Google Chrome 1.0.154.59 \n * Google Chrome 1.0.154.64 \n * Google Chrome 1.0.154.65 \n * Google Chrome 10 \n * Google Chrome 10.0.648.127 \n * Google Chrome 10.0.648.128 \n * Google Chrome 10.0.648.133 \n * Google Chrome 10.0.648.204 \n * Google Chrome 10.0.648.205 \n * Google Chrome 11 \n * Google Chrome 11.0.672.2 \n * Google Chrome 11.0.696.43 \n * Google Chrome 11.0.696.57 \n * Google Chrome 11.0.696.65 \n * Google Chrome 11.0.696.68 \n * Google Chrome 11.0.696.71 \n * Google Chrome 11.0.696.77 \n * Google Chrome 12 \n * Google Chrome 12.0.742.100 \n * Google Chrome 12.0.742.112 \n * Google Chrome 12.0.742.91 \n * Google Chrome 13 \n * Google Chrome 13.0.782.107 \n * Google Chrome 13.0.782.112 \n * Google Chrome 13.0.782.215 \n * Google Chrome 14 \n * Google Chrome 14.0.835.163 \n * Google Chrome 14.0.835.186 \n * Google Chrome 14.0.835.202 \n * Google Chrome 15 \n * Google Chrome 15.0.874 102 \n * Google Chrome 15.0.874.120 \n * Google Chrome 15.0.874.121 \n * Google Chrome 16 \n * Google Chrome 16.0.912.63 \n * Google Chrome 16.0.912.75 \n * Google Chrome 16.0.912.75 \n * Google Chrome 16.0.912.77 \n * Google Chrome 17 \n * Google Chrome 17.0.963.46 \n * Google Chrome 17.0.963.56 \n * Google Chrome 17.0.963.60 \n * Google Chrome 17.0.963.78 \n * Google Chrome 17.0.963.83 \n * Google Chrome 18 \n * Google Chrome 18.0.1025.142 \n * Google Chrome 18.0.1025.151 \n * Google Chrome 18.0.1025.162 \n * Google Chrome 18.0.1025.168 \n * Google Chrome 19 \n * Google Chrome 19.0.1084.21 \n * Google Chrome 19.0.1084.52 \n * Google Chrome 2.0.156.1 \n * Google Chrome 2.0.157.0 \n * Google Chrome 2.0.157.2 \n * Google Chrome 2.0.158.0 \n * Google Chrome 2.0.159.0 \n * Google Chrome 2.0.169.0 \n * Google Chrome 2.0.169.1 \n * Google Chrome 2.0.170.0 \n * Google Chrome 2.0.172 \n * Google Chrome 2.0.172.2 \n * Google Chrome 2.0.172.27 \n * Google Chrome 2.0.172.28 \n * Google Chrome 2.0.172.38 \n * Google Chrome 2.0.172.8 \n * Google Chrome 20.0.1132.23 \n * Google Chrome 20.0.1132.43 \n * Google Chrome 20.0.1132.57 \n * Google Chrome 21 \n * Google Chrome 21.0.1180.49 \n * Google Chrome 21.0.1180.50 \n * Google Chrome 21.0.1180.57 \n * Google Chrome 21.0.1180.60 \n * Google Chrome 21.0.1180.75 \n * Google Chrome 21.0.1180.79 \n * Google Chrome 21.0.1180.81 \n * Google Chrome 21.0.1180.82 \n * Google Chrome 21.0.1180.83 \n * Google Chrome 21.0.1180.89 \n * Google Chrome 22 \n * Google Chrome 22.0.1229.79 \n * Google Chrome 22.0.1229.92 \n * Google Chrome 22.0.1229.94 \n * Google Chrome 23.0.1271.64 \n * Google Chrome 23.0.1271.91 \n * Google Chrome 23.0.1271.95 \n * Google Chrome 23.0.1271.97 \n * Google Chrome 24.0.1312.52 \n * Google Chrome 24.0.1312.56 \n * Google Chrome 24.0.1312.57 \n * Google Chrome 24.0.1312.70 \n * Google Chrome 25 \n * Google Chrome 25.0.1364.152 \n * Google Chrome 25.0.1364.160 \n * Google Chrome 25.0.1364.172 \n * Google Chrome 25.0.1364.95 \n * Google Chrome 25.0.1364.97 \n * Google Chrome 25.0.1364.99 \n * Google Chrome 26.0.1410.28 \n * Google Chrome 26.0.1410.43 \n * Google Chrome 26.0.1410.46 \n * Google Chrome 26.0.1410.53 \n * Google Chrome 26.0.1410.63 \n * Google Chrome 26.0.1410.64 \n * Google Chrome 27.0.1444.3 \n * Google Chrome 27.0.1453.110 \n * Google Chrome 27.0.1453.93 \n * Google Chrome 28.0.1498.0 \n * Google Chrome 28.0.1500.53 \n * Google Chrome 28.0.1500.71 \n * Google Chrome 28.0.1500.95 \n * Google Chrome 29.0.1547.57 \n * Google Chrome 29.0.1547.76 \n * Google Chrome 3 \n * Google Chrome 3.0 Beta \n * Google Chrome 3.0.182.2 \n * Google Chrome 3.0.190.2 \n * Google Chrome 3.0.193.2 Beta \n * Google Chrome 3.0.195.2 \n * Google Chrome 3.0.195.21 \n * Google Chrome 3.0.195.25 \n * Google Chrome 3.0.195.27 \n * Google Chrome 3.0.195.36 \n * Google Chrome 3.0.195.37 \n * Google Chrome 30.0.1599.101 \n * Google Chrome 30.0.1599.66 \n * Google Chrome 4 \n * Google Chrome 5.0.306.0 \n * Google Chrome 5.0.307.1 \n * Google Chrome 5.0.308.0 \n * Google Chrome 5.0.309.0 \n * Google Chrome 5.0.313.0 \n * Google Chrome 5.0.314.0 \n * Google Chrome 5.0.315.0 \n * Google Chrome 5.0.316.0 \n * Google Chrome 5.0.317.0 \n * Google Chrome 5.0.318.0 \n * Google Chrome 5.0.319.0 \n * Google Chrome 5.0.320.0 \n * Google Chrome 5.0.321.0 \n * Google Chrome 5.0.322.0 \n * Google Chrome 5.0.323.0 \n * Google Chrome 5.0.324.0 \n * Google Chrome 5.0.325.0 \n * Google Chrome 5.0.326.0 \n * Google Chrome 6.0.397.0 \n * Google Chrome 6.0.398.0 \n * Google Chrome 6.0.399.0 \n * Google Chrome 6.0.400.0 \n * Google Chrome 6.0.408.0 \n * Google Chrome 6.0.408.1 \n * Google Chrome 7.0.497.0 \n * Google Chrome 7.0.498.0 \n * Google Chrome 7.0.499.0 \n * Google Chrome 7.0.499.1 \n * Google Chrome 7.0.500.0 \n * Google Chrome 8.0.549.0 \n * Google Chrome 8.0.551.0 \n * Google Chrome 8.0.551.1 \n * Google Chrome 8.0.552.0 \n * Google Chrome 8.0.552.1 \n * Google Chrome 8.0.552.10 \n * Google Chrome 8.0.552.100 \n * Google Chrome 8.0.552.101 \n * Google Chrome 8.0.552.102 \n * Google Chrome 8.0.552.103 \n * Google Chrome 8.0.552.104 \n * Google Chrome 8.0.552.105 \n * Google Chrome 8.0.552.11 \n * Google Chrome 8.0.552.12 \n * Google Chrome 8.0.552.13 \n * Google Chrome 8.0.552.14 \n * Google Chrome 8.0.552.15 \n * Google Chrome 8.0.552.16 \n * Google Chrome 8.0.552.17 \n * Google Chrome 8.0.552.18 \n * Google Chrome 8.0.552.19 \n * Google Chrome 8.0.552.2 \n * Google Chrome 8.0.552.20 \n * Google Chrome 8.0.552.200 \n * Google Chrome 8.0.552.201 \n * Google Chrome 8.0.552.202 \n * Google Chrome 8.0.552.203 \n * Google Chrome 8.0.552.204 \n * Google Chrome 8.0.552.205 \n * Google Chrome 8.0.552.206 \n * Google Chrome 8.0.552.207 \n * Google Chrome 8.0.552.208 \n * Google Chrome 8.0.552.209 \n * Google Chrome 8.0.552.21 \n * Google Chrome 8.0.552.210 \n * Google Chrome 8.0.552.211 \n * Google Chrome 8.0.552.212 \n * Google Chrome 8.0.552.213 \n * Google Chrome 8.0.552.214 \n * Google Chrome 8.0.552.215 \n * Google Chrome 8.0.552.216 \n * Google Chrome 8.0.552.217 \n * Google Chrome 8.0.552.218 \n * Google Chrome 8.0.552.219 \n * Google Chrome 8.0.552.220 \n * Google Chrome 8.0.552.221 \n * Google Chrome 8.0.552.222 \n * Google Chrome 8.0.552.223 \n * Google Chrome 8.0.552.224 \n * Google Chrome 8.0.552.225 \n * Google Chrome 8.0.552.226 \n * Google Chrome 8.0.552.237 \n * Google Chrome 8.0.552.300 \n * Google Chrome 8.0.552.301 \n * Google Chrome 8.0.552.302 \n * Google Chrome 8.0.552.303 \n * Google Chrome 8.0.552.304 \n * Google Chrome 8.0.552.305 \n * Google Chrome 8.0.552.306 \n * Google Chrome 8.0.552.307 \n * Google Chrome 8.0.552.308 \n * Google Chrome 8.0.552.309 \n * Google Chrome 8.0.552.310 \n * Google Chrome 8.0.552.344 \n * Google Chrome 9 \n * Google Chrome 9.0.597.107 \n * Google Chrome 9.0.597.84 \n * Google Chrome 9.0.597.94 \n * HP HP-UX B.11.11 \n * HP HP-UX B.11.23 \n * HP HP-UX B.11.31 \n * Hitachi Cosminexus Application Server 05-00 (AIX) \n * Hitachi Cosminexus Application Server 05-00 (Windows) \n * Hitachi Cosminexus Application Server 05-00-/I (Windows) \n * Hitachi Cosminexus Application Server 05-00-/S (AIX) \n * Hitachi Cosminexus Application Server 05-01 (Windows) \n * Hitachi Cosminexus Application Server 05-01-/L (Windows) \n * Hitachi Cosminexus Application Server 05-02 (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/E (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (AIX) \n * Hitachi Cosminexus Application Server 05-05 (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (Linux) \n * Hitachi Cosminexus Application Server 05-05 (Windows) \n * Hitachi Cosminexus Application Server 05-05-/I (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/I (Linux) \n * Hitachi Cosminexus Application Server 05-05-/O (AIX) \n * Hitachi Cosminexus Application Server 05-05-/R (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/G (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/N (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/I (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/N (Windows) \n * Hitachi Cosminexus Client 06-00 (AIX) \n * Hitachi Cosminexus Client 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-00 (HP-UX) \n * Hitachi Cosminexus Client 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-00 (Linux) \n * Hitachi Cosminexus Client 06-00 (Windows) \n * Hitachi Cosminexus Client 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Client 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-00-/E (HP-UX) \n * Hitachi Cosminexus Client 06-00-/E (Linux) \n * Hitachi Cosminexus Client 06-00-/I (AIX) \n * Hitachi Cosminexus Client 06-00-/I (Windows) \n * Hitachi Cosminexus Client 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-02 (Linux) \n * Hitachi Cosminexus Client 06-02 (Windows) \n * Hitachi Cosminexus Client 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Client 06-02-/F (Linux) \n * Hitachi Cosminexus Client 06-02-/G (Windows) \n * Hitachi Cosminexus Client 06-50 (AIX) \n * Hitachi Cosminexus Client 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-50 (HP-UX) \n * Hitachi Cosminexus Client 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-50 (Linux) \n * Hitachi Cosminexus Client 06-50 (Solaris) \n * Hitachi Cosminexus Client 06-50 (Windows) \n * Hitachi Cosminexus Client 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Client 06-50-/C (Linux) \n * Hitachi Cosminexus Client 06-50-/C (Solaris) \n * Hitachi Cosminexus Client 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-50-/F (HP-UX) \n * Hitachi Cosminexus Client 06-50-/F (Windows) \n * Hitachi Cosminexus Client 06-50-/I (AIX) \n * Hitachi Cosminexus Client 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-51 (Linux) \n * Hitachi Cosminexus Client 06-51 (Windows) \n * Hitachi Cosminexus Client 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Client 06-51-/E (Linux) \n * Hitachi Cosminexus Client 06-51-/N (Windows) \n * Hitachi Cosminexus Developer 05-00 (AIX) \n * Hitachi Cosminexus Developer 05-00 (Windows) \n * Hitachi Cosminexus Developer 05-00-/I (Windows) \n * Hitachi Cosminexus Developer 05-00-/S (AIX) \n * Hitachi Cosminexus Developer 05-01 (Windows) \n * Hitachi Cosminexus Developer 05-01-/L (Windows) \n * Hitachi Cosminexus Developer 05-02 (HP-UX) \n * Hitachi Cosminexus Developer 05-02-/E (HP-UX) \n * Hitachi Cosminexus Developer 05-05 (AIX) \n * Hitachi Cosminexus Developer 05-05 (HP-UX) \n * Hitachi Cosminexus Developer 05-05 (Linux) \n * Hitachi Cosminexus Developer 05-05 (Windows) \n * Hitachi Cosminexus Developer 05-05-/I (HP-UX) \n * Hitachi Cosminexus Developer 05-05-/I (Linux) \n * Hitachi Cosminexus Developer 05-05-/O (AIX) \n * Hitachi Cosminexus Developer 05-05-/R (Windows) \n * Hitachi Cosminexus Developer Light 06-00 (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Light 06-02 (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-50 (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-51 (Windows) \n * Hitachi Cosminexus Developer Professional 06-00 (AIX) \n * Hitachi Cosminexus Developer Professional 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00 (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00 (Linux) \n * Hitachi Cosminexus Developer Professional 06-00 (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00-/E (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-00-/E (Linux) \n * Hitachi Cosminexus Developer Professional 06-00-/I (AIX) \n * Hitachi Cosminexus Developer Professional 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Professional 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-02 (Linux) \n * Hitachi Cosminexus Developer Professional 06-02 (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-02-/F (Linux) \n * Hitachi Cosminexus Developer Professional 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-50 (AIX) \n * Hitachi Cosminexus Developer Professional 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50 (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50 (Linux) \n * Hitachi Cosminexus Developer Professional 06-50 (Solaris) \n * Hitachi Cosminexus Developer Professional 06-50 (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50-/C (Linux) \n * Hitachi Cosminexus Developer Professional 06-50-/C (Solaris) \n * Hitachi Cosminexus Developer Professional 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50-/F (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/I (AIX) \n * Hitachi Cosminexus Developer Professional 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-51 (Linux) \n * Hitachi Cosminexus Developer Professional 06-51 (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-51-/E (Linux) \n * Hitachi Cosminexus Developer Professional 06-51-/N (Windows) \n * Hitachi Cosminexus Developer Standard 06-00 (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Standard 06-02 (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Standard 06-50 (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-51 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-00 (AIX) \n * Hitachi Cosminexus Primary Server Base 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00 (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-00 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00-/E (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-00-/E (Linux) \n * Hitachi Cosminexus Primary Server Base 06-00-/I (AIX) \n * Hitachi Cosminexus Primary Server Base 06-00-/I (Windows) \n * Hitachi Cosminexus Primary Server Base 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-02 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-02 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-02-/F (Linux) \n * Hitachi Cosminexus Primary Server Base 06-02-/G (Windows) \n * Hitachi Cosminexus Primary Server Base 06-50 (AIX) \n * Hitachi Cosminexus Primary Server Base 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50 (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-50 (Solaris) \n * Hitachi Cosminexus Primary Server Base 06-50 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50-/C (Linux) \n * Hitachi Cosminexus Primary Server Base 06-50-/C (Solaris) \n * Hitachi Cosminexus Primary Server Base 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50-/F (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-50-/F (Windows) \n * Hitachi Cosminexus Primary Server Base 06-50-/I (AIX) \n * Hitachi Cosminexus Primary Server Base 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-51 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-51 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-51-/E (Linux) \n * Hitachi Cosminexus Primary Server Base 06-51-/N (Windows) \n * Hitachi Cosminexus Studio 05-00 (AIX) \n * Hitachi Cosminexus Studio 05-00 (Windows) \n * Hitachi Cosminexus Studio 05-00-/I (Windows) \n * Hitachi Cosminexus Studio 05-00-/S (AIX) \n * Hitachi Cosminexus Studio 05-01 (Windows) \n * Hitachi Cosminexus Studio 05-01-/L (Windows) \n * Hitachi Cosminexus Studio 05-02 (HP-UX) \n * Hitachi Cosminexus Studio 05-02-/E (HP-UX) \n * Hitachi Cosminexus Studio 05-05 (AIX) \n * Hitachi Cosminexus Studio 05-05 (HP-UX) \n * Hitachi Cosminexus Studio 05-05 (Linux) \n * Hitachi Cosminexus Studio 05-05 (Windows) \n * Hitachi Cosminexus Studio 05-05-/I (HP-UX) \n * Hitachi Cosminexus Studio 05-05-/I (Linux) \n * Hitachi Cosminexus Studio 05-05-/O (AIX) \n * Hitachi Cosminexus Studio 05-05-/R (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/I (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/M (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Enterprise 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 09-50 (Windows) \n * Hitachi uCosminexus Application Server Express 07-00 (AIX) \n * Hitachi uCosminexus Application Server Express 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Express 07-00 (Linux) \n * Hitachi uCosminexus Application Server Express 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Express 07-00 (Windows) \n * Hitachi uCosminexus Application Server Express 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Express 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Express 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Express 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 09-00 (AIX) \n * Hitachi uCosminexus Application Server Express 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Express 09-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 09-50 (Windows) \n * Hitachi uCosminexus Application Server Light 07-00 (AIX) \n * Hitachi uCosminexus Application Server Light 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Light 07-00 (Linux) \n * Hitachi uCosminexus Application Server Light 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Light 07-00 (Windows) \n * Hitachi uCosminexus Application Server Light 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Light 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Light 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Light 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Light 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Light 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Light 09-00 (AIX) \n * Hitachi uCosminexus Application Server Light 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Light 09-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Light 09-50 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (AIX) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (Linux) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Smart Edition 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Smart Edition 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Smart Edition 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Smart Edition 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Standard 06-71 (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Standard 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Standard 07-00 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-00 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-00 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Standard 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 09-00 (AIX) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (AIX) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (Linux) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (Windows) \n * Hitachi uCosminexus Application Server Standard-R 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Standard-R 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard-R 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Standard-R 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Standard-R 09-00 (AIX) \n * Hitachi uCosminexus Application Server Standard-R 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 09-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Standard-R 09-50 (Windows) \n * Hitachi uCosminexus Client 06-70 (AIX) \n * Hitachi uCosminexus Client 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Client 06-70 (HP-UX) \n * Hitachi uCosminexus Client 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Client 06-70 (Linux) \n * Hitachi uCosminexus Client 06-70 (Solaris) \n * Hitachi uCosminexus Client 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Client 06-70 (Windows) \n * Hitachi uCosminexus Client 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Client 06-70-/E (HP-UX) \n * Hitachi uCosminexus Client 06-70-/F (Linux) \n * Hitachi uCosminexus Client 06-70-/F (Solaris) \n * Hitachi uCosminexus Client 06-70-/F (Windows) \n * Hitachi uCosminexus Client 06-70-/I (Linux(IPF)) \n * Hitachi uCosminexus Client 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Client 06-70-/Q (AIX) \n * Hitachi uCosminexus Client 06-71 (Linux) \n * Hitachi uCosminexus Client 06-71 (Windows) \n * Hitachi uCosminexus Client 06-71-/I (Linux) \n * Hitachi uCosminexus Client 06-71-/M (Windows) \n * Hitachi uCosminexus Client 06-72 (HP-UX) \n * Hitachi uCosminexus Client 06-72-/D (HP-UX) \n * Hitachi uCosminexus Client 07-00 (AIX) \n * Hitachi uCosminexus Client 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client 07-00 (Linux) \n * Hitachi uCosminexus Client 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client 07-00 (Windows) \n * Hitachi uCosminexus Client 07-10 (HP-UX) \n * Hitachi uCosminexus Client 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Client 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Client 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Client 08-50 (Windows(x64)) \n * Hitachi uCosminexus Client 09-00 (AIX) \n * Hitachi uCosminexus Client 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client 09-50 (Windows(x64)) \n * Hitachi uCosminexus Client 09-50 (Windows) \n * Hitachi uCosminexus Client for Plug-in 07-00 (AIX) \n * Hitachi uCosminexus Client for Plug-in 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client for Plug-in 07-00 (Linux) \n * Hitachi uCosminexus Client for Plug-in 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client for Plug-in 07-00 (Windows) \n * Hitachi uCosminexus Client for Plug-in 07-10 (HP-UX) \n * Hitachi uCosminexus Client for Plug-in 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Client for Plug-in 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client for Plug-in 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Client for Plug-in 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Client for Plug-in 08-50 (Windows(x64)) \n * Hitachi uCosminexus Client for Plug-in 09-00 (AIX) \n * Hitachi uCosminexus Client for Plug-in 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client for Plug-in 09-50 (Windows(x64)) \n * Hitachi uCosminexus Client for Plug-in 09-50 (Windows) \n * Hitachi uCosminexus Developer 01 07-00 (AIX) \n * Hitachi uCosminexus Developer 01 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer 01 07-00 (Linux) \n * Hitachi uCosminexus Developer 01 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer 01 07-00 (Windows) \n * Hitachi uCosminexus Developer 01 07-10 (HP-UX) \n * Hitachi uCosminexus Developer 01 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Developer 01 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer 01 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Developer 01 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Developer 01 08-50 (Windows(x64)) \n * Hitachi uCosminexus Developer 01 09-00 (AIX) \n * Hitachi uCosminexus Developer 01 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer 01 09-50 (Windows(x64)) \n * Hitachi uCosminexus Developer 01 09-50 (Windows) \n * Hitachi uCosminexus Developer Light 06-70 (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Light 06-71 (Windows) \n * Hitachi uCosminexus Developer Light 07-00 (AIX) \n * Hitachi uCosminexus Developer Light 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Light 07-00 (Linux) \n * Hitachi uCosminexus Developer Light 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Light 07-00 (Windows) \n * Hitachi uCosminexus Developer Light 07-10 (HP-UX) \n * Hitachi uCosminexus Developer Light 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Developer Light 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Light 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Developer Light 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Developer Light 08-50 (Windows(x64)) \n * Hitachi uCosminexus Developer Light 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Professional 06-70 (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Professional 06-71 (Windows) \n * Hitachi uCosminexus Developer Professional 07-00 (Windows) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (AIX) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (Linux) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (Windows) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-10 (HP-UX) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-50 (Windows(x64)) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-00 (AIX) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-50 (Windows(x64)) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-50 (Windows) \n * Hitachi uCosminexus Developer Standard 06-70 (AIX) \n * Hitachi uCosminexus Developer Standard 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70 (HP-UX) \n * Hitachi uCosminexus Developer Standard 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70 (Linux) \n * Hitachi uCosminexus Developer Standard 06-70 (Solaris) \n * Hitachi uCosminexus Developer Standard 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70 (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70-/E (HP-UX) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Linux) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Solaris) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/I (Linux(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70-/Q (AIX) \n * Hitachi uCosminexus Developer Standard 06-71 (Linux) \n * Hitachi uCosminexus Developer Standard 06-71 (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/I (Linux) \n * Hitachi uCosminexus Developer Standard 06-71-/M (Windows) \n * Hitachi uCosminexus Developer Standard 06-72 (HP-UX) \n * Hitachi uCosminexus Developer Standard 06-72-/D (HP-UX) \n * Hitachi uCosminexus Developer Standard 07-00 (Windows) \n * Hitachi uCosminexus Operator 07-00 (AIX) \n * Hitachi uCosminexus Operator 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Operator 07-00 (Linux) \n * Hitachi uCosminexus Operator 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Operator 07-00 (Windows) \n * Hitachi uCosminexus Operator 07-10 (HP-UX) \n * Hitachi uCosminexus Operator 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Operator 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Operator 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Operator 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Operator 08-50 (Windows(x64)) \n * Hitachi uCosminexus Operator 09-00 (AIX) \n * Hitachi uCosminexus Operator 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Operator 09-50 (Windows(x64)) \n * Hitachi uCosminexus Operator 09-50 (Windows) \n * Hitachi uCosminexus Primary Server Base 07-00 (AIX) \n * Hitachi uCosminexus Primary Server Base 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Primary Server Base 07-00 (Linux) \n * Hitachi uCosminexus Primary Server Base 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Primary Server Base 07-00 (Windows) \n * Hitachi uCosminexus Primary Server Base 07-10 (HP-UX) \n * Hitachi uCosminexus Primary Server Base 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Primary Server Base 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Primary Server Base 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Primary Server Base 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Primary Server Base 08-50 (Windows(x64)) \n * Hitachi uCosminexus Primary Server Base 09-00 (AIX) \n * Hitachi uCosminexus Primary Server Base 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Primary Server Base 09-50 (Windows(x64)) \n * Hitachi uCosminexus Primary Server Base 09-50 (Windows) \n * Hitachi uCosminexus Primary Server Base 09-60 (Linux) \n * Hitachi uCosminexus Service Architect 07-00 (AIX) \n * Hitachi uCosminexus Service Architect 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Architect 07-00 (Linux) \n * Hitachi uCosminexus Service Architect 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Architect 07-00 (Windows) \n * Hitachi uCosminexus Service Architect 07-10 (HP-UX) \n * Hitachi uCosminexus Service Architect 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Architect 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Architect 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Service Architect 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Service Architect 08-50 (Windows(x64)) \n * Hitachi uCosminexus Service Architect 09-00 (AIX) \n * Hitachi uCosminexus Service Architect 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Architect 09-50 (Windows(x64)) \n * Hitachi uCosminexus Service Architect 09-50 (Windows) \n * Hitachi uCosminexus Service Architect 09-60 (Linux) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (AIX) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (Linux) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (Windows) \n * Hitachi uCosminexus Service Platform - Messaging 07-10 (HP-UX) \n * Hitachi uCosminexus Service Platform - Messaging 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform - Messaging 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Service Platform - Messaging 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 08-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform - Messaging 09-00 (AIX) \n * Hitachi uCosminexus Service Platform - Messaging 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 09-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform - Messaging 09-50 (Windows) \n * Hitachi uCosminexus Service Platform 07-00 (AIX) \n * Hitachi uCosminexus Service Platform 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform 07-00 (Linux) \n * Hitachi uCosminexus Service Platform 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform 07-00 (Windows) \n * Hitachi uCosminexus Service Platform 07-10 (HP-UX) \n * Hitachi uCosminexus Service Platform 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Service Platform 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 08-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform 09-00 (AIX) \n * Hitachi uCosminexus Service Platform 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform 09-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform 09-50 (Windows) \n * Hitachi uCosminexus Service Platform 09-60 (Linux) \n * Huawei eSpace IVS V100R001 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM CICS Transaction Gateway 7.0 \n * IBM CICS Transaction Gateway 7.1 \n * IBM CICS Transaction Gateway 7.2 \n * IBM CICS Transaction Gateway 8.0 \n * IBM CICS Transaction Gateway 8.1 \n * IBM CICS Transaction Gateway 9.0 \n * IBM Endpoint Manager for Remote Control 9.0.0 \n * IBM Endpoint Manager for Remote Control 9.0.1 \n * IBM Endpoint Manager for Remote Control 9.1.0 \n * IBM Forms Viewer 4.0 \n * IBM Forms Viewer 4.0.0 \n * IBM Forms Viewer 4.0.0.1 \n * IBM Forms Viewer 4.0.0.2 \n * IBM Forms Viewer 4.0.0.3 \n * IBM Forms Viewer 8.0 \n * IBM Forms Viewer 8.0.0 \n * IBM Forms Viewer 8.0.1 \n * IBM Forms Viewer 8.0.1.1 \n * IBM Lotus Domino 8.5.0 \n * IBM Lotus Domino 8.5.1 \n * IBM Lotus Domino 8.5.2 \n * IBM Lotus Domino 8.5.3 \n * IBM Lotus Domino 9.0.1.0 \n * IBM Lotus Domino 9.0.1.1 \n * IBM Maximo Asset Management 7.1.1 \n * IBM Maximo Asset Management 7.5 \n * IBM Rational DOORS Next Generation 4.0.0 \n * IBM Rational DOORS Next Generation 4.0.1 \n * IBM Rational DOORS Next Generation 4.0.2 \n * IBM Rational DOORS Next Generation 4.0.3 \n * IBM Rational DOORS Next Generation 4.0.4 \n * IBM Rational DOORS Next Generation 4.0.5 \n * IBM Rational DOORS Next Generation 4.0.6 \n * IBM Rational DOORS Next Generation 5.0 \n * IBM Rational Engineering Lifecycle Manager 1.0 \n * IBM Rational Engineering Lifecycle Manager 1.0.0.1 \n * IBM Rational Engineering Lifecycle Manager 4.0.3 \n * IBM Rational Engineering Lifecycle Manager 4.0.4 \n * IBM Rational Engineering Lifecycle Manager 4.0.5 \n * IBM Rational Engineering Lifecycle Manager 4.0.6 \n * IBM Rational Functional Tester 8.0 \n * IBM Rational Functional Tester 8.0.0.1 \n * IBM Rational Functional Tester 8.0.0.2 \n * IBM Rational Functional Tester 8.0.0.3 \n * IBM Rational Functional Tester 8.0.0.4 \n * IBM Rational Functional Tester 8.1 \n * IBM Rational Functional Tester 8.1.0.1 \n * IBM Rational Functional Tester 8.1.0.2 \n * IBM Rational Functional Tester 8.1.0.3 \n * IBM Rational Functional Tester 8.1.1 \n * IBM Rational Functional Tester 8.1.1.1 \n * IBM Rational Functional Tester 8.1.1.2 \n * IBM Rational Functional Tester 8.1.1.3 \n * IBM Rational Functional Tester 8.2 \n * IBM Rational Functional Tester 8.2.0.2 \n * IBM Rational Functional Tester 8.2.1 \n * IBM Rational Functional Tester 8.2.1.1 \n * IBM Rational Functional Tester 8.2.2 \n * IBM Rational Functional Tester 8.2.2.1 \n * IBM Rational Functional Tester 8.3 \n * IBM Rational Functional Tester 8.3.0.1 \n * IBM Rational Functional Tester 8.3.0.2 \n * IBM Rational Functional Tester 8.5 \n * IBM Rational Functional Tester 8.5.0.1 \n * IBM Rational Functional Tester 8.5.1 \n * IBM Rational Functional Tester 8.5.1.1 \n * IBM Rational Functional Tester 8.5.1.2 \n * IBM Rational Quality Manager 2.0 \n * IBM Rational Quality Manager 2.0.1 \n * IBM Rational Quality Manager 3.0 \n * IBM Rational Quality Manager 3.0.1.1 \n * IBM Rational Quality Manager 3.0.1.2 \n * IBM Rational Quality Manager 3.0.1.3 \n * IBM Rational Quality Manager 3.0.1.4 \n * IBM Rational Quality Manager 3.0.1.5 \n * IBM Rational Quality Manager 3.0.1.6 \n * IBM Rational Quality Manager 4.0 \n * IBM Rational Quality Manager 4.0.1 \n * IBM Rational Quality Manager 4.0.2 \n * IBM Rational Quality Manager 4.0.3 \n * IBM Rational Quality Manager 4.0.4 \n * IBM Rational Quality Manager 4.0.5 \n * IBM Rational Quality Manager 4.0.6 \n * IBM Rational Quality Manager 5.0 \n * IBM Rational Requirements Composer 2.0 \n * IBM Rational Requirements Composer 2.0.0.1 \n * IBM Rational Requirements Composer 2.0.0.2 \n * IBM Rational Requirements Composer 2.0.0.4 \n * IBM Rational Requirements Composer 3.0 \n * IBM Rational Requirements Composer 3.0.1 \n * IBM Rational Requirements Composer 3.0.1.1 \n * IBM Rational Requirements Composer 3.0.1.2 \n * IBM Rational Requirements Composer 3.0.1.3 \n * IBM Rational Requirements Composer 3.0.1.4 \n * IBM Rational Requirements Composer 3.0.1.5 \n * IBM Rational Requirements Composer 3.0.1.6 \n * IBM Rational Requirements Composer 4.0 \n * IBM Rational Requirements Composer 4.0.0 \n * IBM Rational Requirements Composer 4.0.1 \n * IBM Rational Requirements Composer 4.0.2 \n * IBM Rational Requirements Composer 4.0.3 \n * IBM Rational Requirements Composer 4.0.4 \n * IBM Rational Requirements Composer 4.0.5 \n * IBM Rational Requirements Composer 4.0.6 \n * IBM Rational Rhapsody Design Manager 3.0 \n * IBM Rational Rhapsody Design Manager 3.0.1 \n * IBM Rational Rhapsody Design Manager 4.0 \n * IBM Rational Rhapsody Design Manager 4.0.1 \n * IBM Rational Rhapsody Design Manager 4.0.2 \n * IBM Rational Rhapsody Design Manager 4.0.3 \n * IBM Rational Rhapsody Design Manager 4.0.4 \n * IBM Rational Rhapsody Design Manager 4.0.5 \n * IBM Rational Rhapsody Design Manager 4.0.6 \n * IBM Rational Rhpasody Design Manager 5.0 \n * IBM Rational Software Architect Design Manager 3.0 \n * IBM Rational Software Architect Design Manager 3.0.0 \n * IBM Rational Software Architect Design Manager 3.0.1 \n * IBM Rational Software Architect Design Manager 4.0.0 \n * IBM Rational Software Architect Design Manager 4.0.1 \n * IBM Rational Software Architect Design Manager 4.0.2 \n * IBM Rational Software Architect Design Manager 4.0.3 \n * IBM Rational Software Architect Design Manager 4.0.4 \n * IBM Rational Software Architect Design Manager 4.0.5 \n * IBM Rational Software Architect Design Manager 4.0.6 \n * IBM Rational Software Architect Design Manager 5.0 \n * IBM Rational Team Concert 2.0 \n * IBM Rational Team Concert 2.0.0.1 \n * IBM Rational Team Concert 2.0.0.2 \n * IBM Rational Team Concert 3.0 \n * IBM Rational Team Concert 3.0.1 \n * IBM Rational Team Concert 3.0.1.2 \n * IBM Rational Team Concert 3.0.1.3 \n * IBM Rational Team Concert 3.0.1.4 \n * IBM Rational Team Concert 3.0.1.5 \n * IBM Rational Team Concert 3.0.1.6 \n * IBM Rational Team Concert 4.0 \n * IBM Rational Team Concert 4.0.1 \n * IBM Rational Team Concert 4.0.2 \n * IBM Rational Team Concert 4.0.3 \n * IBM Rational Team Concert 4.0.4 \n * IBM Rational Team Concert 4.0.5 \n * IBM Rational Team Concert 4.0.6 \n * IBM Rational Team Concert 5.0 \n * IBM Security SiteProtector System 2.9 \n * IBM Security SiteProtector System 3.0 \n * IBM Security SiteProtector System 3.1 \n * IBM TS7720 Virtualization Engine 3957-VEA \n * IBM TS7740 Virtualization Engine 3957-V06 \n * IBM TS7740 Virtualization Engine 3957-V07 \n * IBM Tivoli Application Dependency Discovery Manager 7.1.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.0 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.6 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.2.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.3.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.4 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2.1 \n * IBM Tivoli Monitoring 6.2.0 \n * IBM Tivoli Monitoring 6.2.1 \n * IBM Tivoli Monitoring 6.2.2 \n * IBM Tivoli Monitoring 6.2.3 \n * IBM Tivoli Monitoring 6.3.0 \n * IBM Tivoli Storage Productivity Center 4.1.1 \n * IBM Tivoli Storage Productivity Center 4.2.0 \n * IBM Tivoli Storage Productivity Center 4.2.1 \n * IBM Tivoli Storage Productivity Center 4.2.1.185 \n * IBM Tivoli Storage Productivity Center 4.2.2 \n * IBM Tivoli Storage Productivity Center 4.2.2.143 \n * IBM Tivoli Storage Productivity Center 4.2.2.145 \n * IBM Tivoli Storage Productivity Center 4.2.2.177 \n * IBM Tivoli Storage Productivity Center 4.2.2.178 \n * IBM Tivoli Storage Productivity Center 5.1.0 \n * IBM Tivoli Storage Productivity Center 5.1.1 \n * IBM Tivoli Storage Productivity Center 5.1.1.0 \n * IBM Tivoli Storage Productivity Center 5.1.1.1 \n * IBM Tivoli Storage Productivity Center 5.1.1.2 \n * IBM Tivoli Storage Productivity Center 5.1.1.3 \n * IBM Tivoli Storage Productivity Center 5.1.1.4 \n * IBM Tivoli Storage Productivity Center 5.2.0 \n * IBM Tivoli Storage Productivity Center 5.2.1.0 \n * IBM Tivoli Storage Productivity Center 5.2.1.1 \n * IBM Tivoli Storage Productivity Center 5.2.2 \n * IBM Vios 2.1.2.13 \n * IBM Vios 2.2.0.10 \n * IBM Vios 2.2.0.12 \n * IBM Vios 2.2.0.13 \n * IBM Vios 2.2.1.0 \n * IBM Vios 2.2.1.1 \n * IBM Vios 2.2.1.3 \n * IBM Vios 2.2.1.4 \n * IBM Vios 2.2.1.8 \n * IBM Vios 2.2.1.9 \n * IBM Vios 2.2.2.0 \n * IBM Vios 2.2.2.0 \n * IBM Vios 2.2.2.4 \n * IBM Vios 2.2.2.5 \n * IBM Vios 2.2.3 \n * IBM Vios 2.2.3.0 \n * IBM Vios 2.2.3.2 \n * IBM Vios 2.2.3.3 \n * IBM Web Sphere Real Time 3 Service Refresh 6 Fix Pack 1 \n * IBM i 6.1 \n * IBM i 7.1 \n * IBM i 7.2.0 \n * Mandriva Business Server 1 \n * Mandriva Business Server 1 X86 64 \n * Mandriva Enterprise Server 5 \n * Mandriva Enterprise Server 5 X86 64 \n * Microsoft Mono Framework 4.8.1.0 \n * Microsoft Mono Framework 5.0.0.48 \n * Microsoft Silverlight 5.0 \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Vista Service Pack 2 \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n * Mozilla Firefox 0.1 \n * Mozilla Firefox 0.10.0 \n * Mozilla Firefox 0.10.1 \n * Mozilla Firefox 0.2 \n * Mozilla Firefox 0.3 \n * Mozilla Firefox 0.4 \n * Mozilla Firefox 0.5 \n * Mozilla Firefox 0.6 \n * Mozilla Firefox 0.6.1 \n * Mozilla Firefox 0.7 \n * Mozilla Firefox 0.8.0 \n * Mozilla Firefox 0.9.0 \n * Mozilla Firefox 0.9.0 Rc \n * Mozilla Firefox 0.9.1 \n * Mozilla Firefox 0.9.2 \n * Mozilla Firefox 0.9.3 \n * Mozilla Firefox 1.0 Preview Release \n * Mozilla Firefox 1.0.0 \n * Mozilla Firefox 1.0.1 \n * Mozilla Firefox 1.0.2 \n * Mozilla Firefox 1.0.3 \n * Mozilla Firefox 1.0.4 \n * Mozilla Firefox 1.0.5 \n * Mozilla Firefox 1.0.6 \n * Mozilla Firefox 1.0.7 \n * Mozilla Firefox 1.0.8 \n * Mozilla Firefox 1.4.1 \n * Mozilla Firefox 1.5.0 12 \n * Mozilla Firefox 1.5.0 \n * Mozilla Firefox 1.5.0 Beta 1 \n * Mozilla Firefox 1.5.0 Beta 2 \n * Mozilla Firefox 1.5.0.1 \n * Mozilla Firefox 1.5.0.10 \n * Mozilla Firefox 1.5.0.11 \n * Mozilla Firefox 1.5.0.2 \n * Mozilla Firefox 1.5.0.3 \n * Mozilla Firefox 1.5.0.4 \n * Mozilla Firefox 1.5.0.5 \n * Mozilla Firefox 1.5.0.6 \n * Mozilla Firefox 1.5.0.7 \n * Mozilla Firefox 1.5.0.8 \n * Mozilla Firefox 1.5.0.9 \n * Mozilla Firefox 1.5.1 \n * Mozilla Firefox 1.5.2 \n * Mozilla Firefox 1.5.3 \n * Mozilla Firefox 1.5.4 \n * Mozilla Firefox 1.5.5 \n * Mozilla Firefox 1.5.6 \n * Mozilla Firefox 1.5.7 \n * Mozilla Firefox 1.5.8 \n * Mozilla Firefox 1.8 \n * Mozilla Firefox 10 \n * Mozilla Firefox 10.0 \n * Mozilla Firefox 10.0.1 \n * Mozilla Firefox 10.0.2 \n * Mozilla Firefox 11.0 \n * Mozilla Firefox 12.0 \n * Mozilla Firefox 13.0 \n * Mozilla Firefox 14 \n * Mozilla Firefox 14.0 \n * Mozilla Firefox 14.01 \n * Mozilla Firefox 15 \n * Mozilla Firefox 15.0.1 \n * Mozilla Firefox 16 \n * Mozilla Firefox 16.0.1 \n * Mozilla Firefox 16.0.2 \n * Mozilla Firefox 17.0 \n * Mozilla Firefox 17.0.1 \n * Mozilla Firefox 18.0 \n * Mozilla Firefox 19.0 \n * Mozilla Firefox 19.0.2 \n * Mozilla Firefox 2.0 \n * Mozilla Firefox 2.0 Beta 1 \n * Mozilla Firefox 2.0 RC2 \n * Mozilla Firefox 2.0 RC3 \n * Mozilla Firefox 2.0.0 .19 \n * Mozilla Firefox 2.0.0 20 \n * Mozilla Firefox 2.0.0.1 \n * Mozilla Firefox 2.0.0.10 \n * Mozilla Firefox 2.0.0.11 \n * Mozilla Firefox 2.0.0.12 \n * Mozilla Firefox 2.0.0.13 \n * Mozilla Firefox 2.0.0.14 \n * Mozilla Firefox 2.0.0.15 \n * Mozilla Firefox 2.0.0.16 \n * Mozilla Firefox 2.0.0.17 \n * Mozilla Firefox 2.0.0.18 \n * Mozilla Firefox 2.0.0.19 \n * Mozilla Firefox 2.0.0.2 \n * Mozilla Firefox 2.0.0.3 \n * Mozilla Firefox 2.0.0.4 \n * Mozilla Firefox 2.0.0.5 \n * Mozilla Firefox 2.0.0.6 \n * Mozilla Firefox 2.0.0.7 \n * Mozilla Firefox 2.0.0.8 \n * Mozilla Firefox 2.0.0.9 \n * Mozilla Firefox 20.0 \n * Mozilla Firefox 20.0.1 \n * Mozilla Firefox 21.0 \n * Mozilla Firefox 22.0 \n * Mozilla Firefox 23.0 \n * Mozilla Firefox 24.0 \n * Mozilla Firefox 25.0 \n * Mozilla Firefox 25.0.1 \n * Mozilla Firefox 3.0 \n * Mozilla Firefox 3.0 Beta 5 \n * Mozilla Firefox 3.0.1 \n * Mozilla Firefox 3.0.10 \n * Mozilla Firefox 3.0.11 \n * Mozilla Firefox 3.0.12 \n * Mozilla Firefox 3.0.13 \n * Mozilla Firefox 3.0.14 \n * Mozilla Firefox 3.0.15 \n * Mozilla Firefox 3.0.16 \n * Mozilla Firefox 3.0.17 \n * Mozilla Firefox 3.0.18 \n * Mozilla Firefox 3.0.19 \n * Mozilla Firefox 3.0.2 \n * Mozilla Firefox 3.0.3 \n * Mozilla Firefox 3.0.4 \n * Mozilla Firefox 3.0.5 \n * Mozilla Firefox 3.0.6 \n * Mozilla Firefox 3.0.7 \n * Mozilla Firefox 3.0.7 Beta \n * Mozilla Firefox 3.0.8 \n * Mozilla Firefox 3.0.9 \n * Mozilla Firefox 3.1 \n * Mozilla Firefox 3.1 Beta 1 \n * Mozilla Firefox 3.1 Beta 2 \n * Mozilla Firefox 3.1 Beta 3 \n * Mozilla Firefox 3.5.0 \n * Mozilla Firefox 3.5.1 \n * Mozilla Firefox 3.5.10 \n * Mozilla Firefox 3.5.11 \n * Mozilla Firefox 3.5.12 \n * Mozilla Firefox 3.5.13 \n * Mozilla Firefox 3.5.14 \n * Mozilla Firefox 3.5.14 \n * Mozilla Firefox 3.5.15 \n * Mozilla Firefox 3.5.16 \n * Mozilla Firefox 3.5.18 \n * Mozilla Firefox 3.5.19 \n * Mozilla Firefox 3.5.2 \n * Mozilla Firefox 3.5.3 \n * Mozilla Firefox 3.5.4 \n * Mozilla Firefox 3.5.5 \n * Mozilla Firefox 3.5.6 \n * Mozilla Firefox 3.5.7 \n * Mozilla Firefox 3.5.8 \n * Mozilla Firefox 3.5.9 \n * Mozilla Firefox 3.6 \n * Mozilla Firefox 3.6 Beta 2 \n * Mozilla Firefox 3.6 Beta 3 \n * Mozilla Firefox 3.6.10 \n * Mozilla Firefox 3.6.11 \n * Mozilla Firefox 3.6.12 \n * Mozilla Firefox 3.6.13 \n * Mozilla Firefox 3.6.14 \n * Mozilla Firefox 3.6.15 \n * Mozilla Firefox 3.6.16 \n * Mozilla Firefox 3.6.17 \n * Mozilla Firefox 3.6.18 \n * Mozilla Firefox 3.6.19 \n * Mozilla Firefox 3.6.2 \n * Mozilla Firefox 3.6.20 \n * Mozilla Firefox 3.6.21 \n * Mozilla Firefox 3.6.22 \n * Mozilla Firefox 3.6.23 \n * Mozilla Firefox 3.6.24 \n * Mozilla Firefox 3.6.25 \n * Mozilla Firefox 3.6.26 \n * Mozilla Firefox 3.6.27 \n * Mozilla Firefox 3.6.28 \n * Mozilla Firefox 3.6.3 \n * Mozilla Firefox 3.6.4 \n * Mozilla Firefox 3.6.5 \n * Mozilla Firefox 3.6.6 \n * Mozilla Firefox 3.6.7 \n * Mozilla Firefox 3.6.8 \n * Mozilla Firefox 3.6.9 \n * Mozilla Firefox 4.0 \n * Mozilla Firefox 4.0 BETA2 \n * Mozilla Firefox 4.0 Beta1 \n * Mozilla Firefox 4.0 Beta10 \n * Mozilla Firefox 4.0 Beta11 \n * Mozilla Firefox 4.0 Beta12 \n * Mozilla Firefox 4.0 Beta3 \n * Mozilla Firefox 4.0 Beta4 \n * Mozilla Firefox 4.0 Beta5 \n * Mozilla Firefox 4.0 Beta6 \n * Mozilla Firefox 4.0 Beta7 \n * Mozilla Firefox 4.0 Beta8 \n * Mozilla Firefox 4.0 Beta9 \n * Mozilla Firefox 4.0.1 \n * Mozilla Firefox 5.0 \n * Mozilla Firefox 5.0.1 \n * Mozilla Firefox 6 \n * Mozilla Firefox 6.0 \n * Mozilla Firefox 6.0.1 \n * Mozilla Firefox 6.0.2 \n * Mozilla Firefox 7 \n * Mozilla Firefox 7.0 \n * Mozilla Firefox 7.0.1 \n * Mozilla Firefox 8.0 \n * Mozilla Firefox 8.0.1 \n * Mozilla Firefox 9.0 \n * Mozilla Firefox 9.0.1 \n * Mozilla Firefox ESR 10.0.10 \n * Mozilla Firefox ESR 10.0.11 \n * Mozilla Firefox ESR 10.0.12 \n * Mozilla Firefox ESR 10.0.2 \n * Mozilla Firefox ESR 10.0.3 \n * Mozilla Firefox ESR 10.0.4 \n * Mozilla Firefox ESR 10.0.5 \n * Mozilla Firefox ESR 10.0.6 \n * Mozilla Firefox ESR 10.0.7 \n * Mozilla Firefox ESR 10.0.8 \n * Mozilla Firefox ESR 10.0.9 \n * Mozilla Firefox ESR 17.0.1 \n * Mozilla Firefox ESR 17.0.10 \n * Mozilla Firefox ESR 17.0.11 \n * Mozilla Firefox ESR 17.0.2 \n * Mozilla Firefox ESR 17.0.3 \n * Mozilla Firefox ESR 17.0.4 \n * Mozilla Firefox ESR 17.0.6 \n * Mozilla Firefox ESR 17.0.7 \n * Mozilla Firefox ESR 17.0.8 \n * Mozilla Firefox ESR 17.0.9 \n * Mozilla Firefox ESR 24.1 \n * Mozilla Firefox ESR 24.1.1 \n * Mozilla SeaMonkey 1.0 \n * Mozilla SeaMonkey 1.0 Alpha \n * Mozilla SeaMonkey 1.0 Beta \n * Mozilla SeaMonkey 1.0 Dev \n * Mozilla SeaMonkey 1.0.1 \n * Mozilla SeaMonkey 1.0.2 \n * Mozilla SeaMonkey 1.0.3 \n * Mozilla SeaMonkey 1.0.4 \n * Mozilla SeaMonkey 1.0.5 \n * Mozilla SeaMonkey 1.0.6 \n * Mozilla SeaMonkey 1.0.7 \n * Mozilla SeaMonkey 1.0.8 \n * Mozilla SeaMonkey 1.0.9 \n * Mozilla SeaMonkey 1.0.99 \n * Mozilla SeaMonkey 1.1 \n * Mozilla SeaMonkey 1.1 Alpha \n * Mozilla SeaMonkey 1.1 Beta \n * Mozilla SeaMonkey 1.1.1 \n * Mozilla SeaMonkey 1.1.10 \n * Mozilla SeaMonkey 1.1.11 \n * Mozilla SeaMonkey 1.1.12 \n * Mozilla SeaMonkey 1.1.13 \n * Mozilla SeaMonkey 1.1.14 \n * Mozilla SeaMonkey 1.1.15 \n * Mozilla SeaMonkey 1.1.16 \n * Mozilla SeaMonkey 1.1.17 \n * Mozilla SeaMonkey 1.1.18 \n * Mozilla SeaMonkey 1.1.19 \n * Mozilla SeaMonkey 1.1.2 \n * Mozilla SeaMonkey 1.1.3 \n * Mozilla SeaMonkey 1.1.4 \n * Mozilla SeaMonkey 1.1.5 \n * Mozilla SeaMonkey 1.1.6 \n * Mozilla SeaMonkey 1.1.7 \n * Mozilla SeaMonkey 1.1.8 \n * Mozilla SeaMonkey 1.1.9 \n * Mozilla SeaMonkey 1.5.0.10 \n * Mozilla SeaMonkey 1.5.0.8 \n * Mozilla SeaMonkey 1.5.0.9 \n * Mozilla SeaMonkey 2.0 \n * Mozilla SeaMonkey 2.0 Alpha 1 \n * Mozilla SeaMonkey 2.0 Alpha 2 \n * Mozilla SeaMonkey 2.0 Alpha 3 \n * Mozilla SeaMonkey 2.0 Beta 1 \n * Mozilla SeaMonkey 2.0 Beta 2 \n * Mozilla SeaMonkey 2.0 RC1 \n * Mozilla SeaMonkey 2.0 RC2 \n * Mozilla SeaMonkey 2.0.1 \n * Mozilla SeaMonkey 2.0.10 \n * Mozilla SeaMonkey 2.0.11 \n * Mozilla SeaMonkey 2.0.12 \n * Mozilla SeaMonkey 2.0.13 \n * Mozilla SeaMonkey 2.0.14 \n * Mozilla SeaMonkey 2.0.2 \n * Mozilla SeaMonkey 2.0.3 \n * Mozilla SeaMonkey 2.0.4 \n * Mozilla SeaMonkey 2.0.5 \n * Mozilla SeaMonkey 2.0.6 \n * Mozilla SeaMonkey 2.0.7 \n * Mozilla SeaMonkey 2.0.8 \n * Mozilla SeaMonkey 2.0.9 \n * Mozilla SeaMonkey 2.1 \n * Mozilla SeaMonkey 2.1 Alpha1 \n * Mozilla SeaMonkey 2.1 Alpha2 \n * Mozilla SeaMonkey 2.1 Alpha3 \n * Mozilla SeaMonkey 2.10 \n * Mozilla SeaMonkey 2.11 \n * Mozilla SeaMonkey 2.12 \n * Mozilla SeaMonkey 2.13 \n * Mozilla SeaMonkey 2.13.1 \n * Mozilla SeaMonkey 2.13.2 \n * Mozilla SeaMonkey 2.14 \n * Mozilla SeaMonkey 2.15 \n * Mozilla SeaMonkey 2.16 \n * Mozilla SeaMonkey 2.16.1 \n * Mozilla SeaMonkey 2.17 \n * Mozilla SeaMonkey 2.1b2 \n * Mozilla SeaMonkey 2.2 \n * Mozilla SeaMonkey 2.20 \n * Mozilla SeaMonkey 2.21 \n * Mozilla SeaMonkey 2.22 \n * Mozilla SeaMonkey 2.22.1 \n * Mozilla SeaMonkey 2.3 \n * Mozilla SeaMonkey 2.4 \n * Mozilla SeaMonkey 2.5 \n * Mozilla SeaMonkey 2.6 \n * Mozilla SeaMonkey 2.7 \n * Mozilla SeaMonkey 2.7.1 \n * Mozilla SeaMonkey 2.7.2 \n * Mozilla SeaMonkey 2.8 \n * Mozilla SeaMonkey 2.9 \n * Mozilla Thunderbird 0.1 \n * Mozilla Thunderbird 0.2 \n * Mozilla Thunderbird 0.3 \n * Mozilla Thunderbird 0.4 \n * Mozilla Thunderbird 0.5 \n * Mozilla Thunderbird 0.6.0 \n * Mozilla Thunderbird 0.7.0 \n * Mozilla Thunderbird 0.7.1 \n * Mozilla Thunderbird 0.7.2 \n * Mozilla Thunderbird 0.7.3 \n * Mozilla Thunderbird 0.8.0 \n * Mozilla Thunderbird 0.9.0 \n * Mozilla Thunderbird 1.0.0 \n * Mozilla Thunderbird 1.0.1 \n * Mozilla Thunderbird 1.0.2 \n * Mozilla Thunderbird 1.0.3 \n * Mozilla Thunderbird 1.0.5 \n * Mozilla Thunderbird 1.0.5 Beta \n * Mozilla Thunderbird 1.0.6 \n * Mozilla Thunderbird 1.0.7 \n * Mozilla Thunderbird 1.0.8 \n * Mozilla Thunderbird 1.5.0 \n * Mozilla Thunderbird 1.5.0 Beta 2 \n * Mozilla Thunderbird 1.5.0.1 \n * Mozilla Thunderbird 1.5.0.10 \n * Mozilla Thunderbird 1.5.0.11 \n * Mozilla Thunderbird 1.5.0.12 \n * Mozilla Thunderbird 1.5.0.13 \n * Mozilla Thunderbird 1.5.0.14 \n * Mozilla Thunderbird 1.5.0.2 \n * Mozilla Thunderbird 1.5.0.3 \n * Mozilla Thunderbird 1.5.0.4 \n * Mozilla Thunderbird 1.5.0.5 \n * Mozilla Thunderbird 1.5.0.6 \n * Mozilla Thunderbird 1.5.0.7 \n * Mozilla Thunderbird 1.5.0.8 \n * Mozilla Thunderbird 1.5.0.9 \n * Mozilla Thunderbird 1.5.1 \n * Mozilla Thunderbird 1.5.2 \n * Mozilla Thunderbird 1.7.1 \n * Mozilla Thunderbird 1.7.3 \n * Mozilla Thunderbird 10.0 \n * Mozilla Thunderbird 10.0.1 \n * Mozilla Thunderbird 10.0.2 \n * Mozilla Thunderbird 11.0 \n * Mozilla Thunderbird 12.0 \n * Mozilla Thunderbird 13.0 \n * Mozilla Thunderbird 14 \n * Mozilla Thunderbird 14.0 \n * Mozilla Thunderbird 15 \n * Mozilla Thunderbird 16 \n * Mozilla Thunderbird 16.0.1 \n * Mozilla Thunderbird 16.0.2 \n * Mozilla Thunderbird 17.0 \n * Mozilla Thunderbird 17.0.2 \n * Mozilla Thunderbird 17.0.3 \n * Mozilla Thunderbird 17.0.4 \n * Mozilla Thunderbird 17.0.5 \n * Mozilla Thunderbird 17.0.6 \n * Mozilla Thunderbird 17.0.7 \n * Mozilla Thunderbird 17.0.8 \n * Mozilla Thunderbird 2.0 \n * Mozilla Thunderbird 2.0.0 .19 \n * Mozilla Thunderbird 2.0.0.0 \n * Mozilla Thunderbird 2.0.0.1 \n * Mozilla Thunderbird 2.0.0.11 \n * Mozilla Thunderbird 2.0.0.12 \n * Mozilla Thunderbird 2.0.0.13 \n * Mozilla Thunderbird 2.0.0.14 \n * Mozilla Thunderbird 2.0.0.15 \n * Mozilla Thunderbird 2.0.0.16 \n * Mozilla Thunderbird 2.0.0.17 \n * Mozilla Thunderbird 2.0.0.18 \n * Mozilla Thunderbird 2.0.0.2 \n * Mozilla Thunderbird 2.0.0.20 \n * Mozilla Thunderbird 2.0.0.21 \n * Mozilla Thunderbird 2.0.0.22 \n * Mozilla Thunderbird 2.0.0.23 \n * Mozilla Thunderbird 2.0.0.24 \n * Mozilla Thunderbird 2.0.0.3 \n * Mozilla Thunderbird 2.0.0.4 \n * Mozilla Thunderbird 2.0.0.5 \n * Mozilla Thunderbird 2.0.0.6 \n * Mozilla Thunderbird 2.0.0.7 \n * Mozilla Thunderbird 2.0.0.8 \n * Mozilla Thunderbird 2.0.0.9 \n * Mozilla Thunderbird 2.0.14 \n * Mozilla Thunderbird 2.1 \n * Mozilla Thunderbird 24.0 \n * Mozilla Thunderbird 24.1 \n * Mozilla Thunderbird 3.0 \n * Mozilla Thunderbird 3.0.1 \n * Mozilla Thunderbird 3.0.10 \n * Mozilla Thunderbird 3.0.11 \n * Mozilla Thunderbird 3.0.2 \n * Mozilla Thunderbird 3.0.3 \n * Mozilla Thunderbird 3.0.4 \n * Mozilla Thunderbird 3.0.5 \n * Mozilla Thunderbird 3.0.6 \n * Mozilla Thunderbird 3.0.7 \n * Mozilla Thunderbird 3.0.8 \n * Mozilla Thunderbird 3.0.9 \n * Mozilla Thunderbird 3.1 \n * Mozilla Thunderbird 3.1.1 \n * Mozilla Thunderbird 3.1.10 \n * Mozilla Thunderbird 3.1.11 \n * Mozilla Thunderbird 3.1.12 \n * Mozilla Thunderbird 3.1.13 \n * Mozilla Thunderbird 3.1.14 \n * Mozilla Thunderbird 3.1.15 \n * Mozilla Thunderbird 3.1.16 \n * Mozilla Thunderbird 3.1.17 \n * Mozilla Thunderbird 3.1.18 \n * Mozilla Thunderbird 3.1.19 \n * Mozilla Thunderbird 3.1.2 \n * Mozilla Thunderbird 3.1.20 \n * Mozilla Thunderbird 3.1.3 \n * Mozilla Thunderbird 3.1.4 \n * Mozilla Thunderbird 3.1.5 \n * Mozilla Thunderbird 3.1.6 \n * Mozilla Thunderbird 3.1.7 \n * Mozilla Thunderbird 3.1.8 \n * Mozilla Thunderbird 3.1.9 \n * Mozilla Thunderbird 3.3 \n * Mozilla Thunderbird 5 \n * Mozilla Thunderbird 5.0 \n * Mozilla Thunderbird 6 \n * Mozilla Thunderbird 6.0 \n * Mozilla Thunderbird 6.0.1 \n * Mozilla Thunderbird 6.0.2 \n * Mozilla Thunderbird 7.0 \n * Mozilla Thunderbird 7.0.1 \n * Mozilla Thunderbird 8.0 \n * Mozilla Thunderbird 9.0 \n * Oracle Enterprise Linux 5 \n * Oracle Enterprise Linux 6 \n * Oracle Enterprise Linux 6.2 \n * Oracle JDK (Linux Production Release) 1.5.0_36 \n * Oracle JDK (Linux Production Release) 1.5.0_38 \n * Oracle JDK (Linux Production Release) 1.5.0_39 \n * Oracle JDK (Linux Production Release) 1.6.0 Update 65 \n * Oracle JDK (Linux Production Release) 1.6.0_22 \n * Oracle JDK (Linux Production Release) 1.6.0_23 \n * Oracle JDK (Linux Production Release) 1.6.0_24 \n * Oracle JDK (Linux Production Release) 1.6.0_25 \n * Oracle JDK (Linux Production Release) 1.6.0_26 \n * Oracle JDK (Linux Production Release) 1.6.0_27 \n * Oracle JDK (Linux Production Release) 1.6.0_28 \n * Oracle JDK (Linux Production Release) 1.6.0_30 \n * Oracle JDK (Linux Production Release) 1.6.0_32 \n * Oracle JDK (Linux Production Release) 1.6.0_34 \n * Oracle JDK (Linux Production Release) 1.6.0_35 \n * Oracle JDK (Linux Production Release) 1.6.0_38 \n * Oracle JDK (Linux Production Release) 1.6.0_39 \n * Oracle JDK (Linux Production Release) 1.6.0_43 \n * Oracle JDK (Linux Production Release) 1.7.0 \n * Oracle JDK (Linux Production Release) 1.7.0 Update 45 \n * Oracle JDK (Linux Production Release) 1.7.0_12 \n * Oracle JDK (Linux Production Release) 1.7.0_13 \n * Oracle JDK (Linux Production Release) 1.7.0_17 \n * Oracle JDK (Linux Production Release) 1.7.0_2 \n * Oracle JDK (Linux Production Release) 1.7.0_4 \n * Oracle JDK (Linux Production Release) 1.7.0_7 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 36 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 38 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 39 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 40 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 41 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 45 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 51 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 55 \n * Oracle JDK (Solaris Production Release) 1.5.0_36 \n * Oracle JDK (Solaris Production Release) 1.5.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 22 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 23 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 24 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 25 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 26 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 27 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 29 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 30 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 31 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 32 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 33 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 34 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 35 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 37 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 38 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 39 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 41 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 43 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 45 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 51 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 60 \n * Oracle JDK (Solaris Production Release) 1.6.0_22 \n * Oracle JDK (Solaris Production Release) 1.6.0_23 \n * Oracle JDK (Solaris Production Release) 1.6.0_24 \n * Oracle JDK (Solaris Production Release) 1.6.0_25 \n * Oracle JDK (Solaris Production Release) 1.6.0_26 \n * Oracle JDK (Solaris Production Release) 1.6.0_27 \n * Oracle JDK (Solaris Production Release) 1.6.0_28 \n * Oracle JDK (Solaris Production Release) 1.6.0_30 \n * Oracle JDK (Solaris Production Release) 1.6.0_32 \n * Oracle JDK (Solaris Production Release) 1.6.0_34 \n * Oracle JDK (Solaris Production Release) 1.6.0_35 \n * Oracle JDK (Solaris Production Release) 1.6.0_37 \n * Oracle JDK (Solaris Production Release) 1.6.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0_39 \n * Oracle JDK (Solaris Production Release) 1.7.0 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update 40 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update1 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update10 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update11 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update13 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update15 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update17 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update2 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update21 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update25 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update3 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update4 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update5 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update6 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update7 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update9 \n * Oracle JDK (Solaris Production Release) 1.7.0_10 \n * Oracle JDK (Solaris Production Release) 1.7.0_11 \n * Oracle JDK (Solaris Production Release) 1.7.0_13 \n * Oracle JDK (Solaris Production Release) 1.7.0_2 \n * Oracle JDK (Solaris Production Release) 1.7.0_4 \n * Oracle JDK (Solaris Production Release) 1.7.0_7 \n * Oracle JDK (Windows Production Release) 1.5.0_36 \n * Oracle JDK (Windows Production Release) 1.5.0_38 \n * Oracle JDK (Windows Production Release) 1.5.0_51 \n * Oracle JDK (Windows Production Release) 1.6.0_22 \n * Oracle JDK (Windows Production Release) 1.6.0_23 \n * Oracle JDK (Windows Production Release) 1.6.0_24 \n * Oracle JDK (Windows Production Release) 1.6.0_25 \n * Oracle JDK (Windows Production Release) 1.6.0_26 \n * Oracle JDK (Windows Production Release) 1.6.0_27 \n * Oracle JDK (Windows Production Release) 1.6.0_28 \n * Oracle JDK (Windows Production Release) 1.6.0_30 \n * Oracle JDK (Windows Production Release) 1.6.0_32 \n * Oracle JDK (Windows Production Release) 1.6.0_35 \n * Oracle JDK (Windows Production Release) 1.6.0_37 \n * Oracle JDK (Windows Production Release) 1.6.0_38 \n * Oracle JDK (Windows Production Release) 1.6.0_39 \n * Oracle JDK (Windows Production Release) 1.6.0_60 \n * Oracle JDK (Windows Production Release) 1.7.0 \n * Oracle JDK (Windows Production Release) 1.7.0_17 \n * Oracle JDK (Windows Production Release) 1.7.0_2 \n * Oracle JDK (Windows Production Release) 1.7.0_4 \n * Oracle JDK (Windows Production Release) 1.7.0_40 \n * Oracle JDK (Windows Production Release) 1.7.0_7 \n * Oracle JDK 1.5.0 \n * Oracle JDK(Linux Production Release) 1.5.0_40 \n * Oracle JDK(Linux Production Release) 1.5.0_41 \n * Oracle JDK(Linux Production Release) 1.5.0_45 \n * Oracle JDK(Linux Production Release) 1.5.0_51 \n * Oracle JDK(Linux Production Release) 1.5.0_55 \n * Oracle JDK(Linux Production Release) 1.5.0_61 \n * Oracle JDK(Linux Production Release) 1.6.0_37 \n * Oracle JDK(Linux Production Release) 1.6.0_40 \n * Oracle JDK(Linux Production Release) 1.6.0_41 \n * Oracle JDK(Linux Production Release) 1.6.0_43 \n * Oracle JDK(Linux Production Release) 1.6.0_45 \n * Oracle JDK(Linux Production Release) 1.6.0_60 \n * Oracle JDK(Linux Production Release) 1.6.0_65 \n * Oracle JDK(Linux Production Release) 1.6.0_71 \n * Oracle JDK(Linux Production Release) 1.7.0_10 \n * Oracle JDK(Linux Production Release) 1.7.0_11 \n * Oracle JDK(Linux Production Release) 1.7.0_13 \n * Oracle JDK(Linux Production Release) 1.7.0_14 \n * Oracle JDK(Linux Production Release) 1.7.0_15 \n * Oracle JDK(Linux Production Release) 1.7.0_17 \n * Oracle JDK(Linux Production Release) 1.7.0_21 \n * Oracle JDK(Linux Production Release) 1.7.0_25 \n * Oracle JDK(Linux Production Release) 1.7.0_40 \n * Oracle JDK(Linux Production Release) 1.7.0_45 \n * Oracle JDK(Linux Production Release) 1.7.0_51 \n * Oracle JDK(Linux Production Release) 1.7.0_8 \n * Oracle JDK(Linux Production Release) 1.7.0_9 \n * Oracle JDK(Linux Production Release) 1.8.0 \n * Oracle JDK(Solaris Production Release) 1.5.0_39 \n * Oracle JDK(Solaris Production Release) 1.5.0_40 \n * Oracle JDK(Solaris Production Release) 1.5.0_41 \n * Oracle JDK(Solaris Production Release) 1.5.0_45 \n * Oracle JDK(Solaris Production Release) 1.5.0_51 \n * Oracle JDK(Solaris Production Release) 1.5.0_55 \n * Oracle JDK(Solaris Production Release) 1.5.0_61 \n * Oracle JDK(Solaris Production Release) 1.6.0_39 \n * Oracle JDK(Solaris Production Release) 1.6.0_40 \n * Oracle JDK(Solaris Production Release) 1.6.0_41 \n * Oracle JDK(Solaris Production Release) 1.6.0_43 \n * Oracle JDK(Solaris Production Release) 1.6.0_45 \n * Oracle JDK(Solaris Production Release) 1.6.0_60 \n * Oracle JDK(Solaris Production Release) 1.6.0_65 \n * Oracle JDK(Solaris Production Release) 1.6.0_71 \n * Oracle JDK(Solaris Production Release) 1.7.0_12 \n * Oracle JDK(Solaris Production Release) 1.7.0_13 \n * Oracle JDK(Solaris Production Release) 1.7.0_14 \n * Oracle JDK(Solaris Production Release) 1.7.0_15 \n * Oracle JDK(Solaris Production Release) 1.7.0_17 \n * Oracle JDK(Solaris Production Release) 1.7.0_21 \n * Oracle JDK(Solaris Production Release) 1.7.0_25 \n * Oracle JDK(Solaris Production Release) 1.7.0_40 \n * Oracle JDK(Solaris Production Release) 1.7.0_45 \n * Oracle JDK(Solaris Production Release) 1.7.0_51 \n * Oracle JDK(Solaris Production Release) 1.7.0_8 \n * Oracle JDK(Solaris Production Release) 1.7.0_9 \n * Oracle JDK(Solaris Production Release) 1.8.0 \n * Oracle JDK(Windows Production Release) 1.5.0_39 \n * Oracle JDK(Windows Production Release) 1.5.0_40 \n * Oracle JDK(Windows Production Release) 1.5.0_41 \n * Oracle JDK(Windows Production Release) 1.5.0_45 \n * Oracle JDK(Windows Production Release) 1.5.0_55 \n * Oracle JDK(Windows Production Release) 1.5.0_61 \n * Oracle JDK(Windows Production Release) 1.6.0_39 \n * Oracle JDK(Windows Production Release) 1.6.0_40 \n * Oracle JDK(Windows Production Release) 1.6.0_41 \n * Oracle JDK(Windows Production Release) 1.6.0_43 \n * Oracle JDK(Windows Production Release) 1.6.0_45 \n * Oracle JDK(Windows Production Release) 1.6.0_65 \n * Oracle JDK(Windows Production Release) 1.6.0_71 \n * Oracle JDK(Windows Production Release) 1.7.0_10 \n * Oracle JDK(Windows Production Release) 1.7.0_11 \n * Oracle JDK(Windows Production Release) 1.7.0_12 \n * Oracle JDK(Windows Production Release) 1.7.0_13 \n * Oracle JDK(Windows Production Release) 1.7.0_14 \n * Oracle JDK(Windows Production Release) 1.7.0_15 \n * Oracle JDK(Windows Production Release) 1.7.0_17 \n * Oracle JDK(Windows Production Release) 1.7.0_21 \n * Oracle JDK(Windows Production Release) 1.7.0_25 \n * Oracle JDK(Windows Production Release) 1.7.0_45 \n * Oracle JDK(Windows Production Release) 1.7.0_51 \n * Oracle JDK(Windows Production Release) 1.7.0_8 \n * Oracle JDK(Windows Production Release) 1.7.0_9 \n * Oracle JDK(Windows Production Release) 1.8.0 \n * Oracle JRE (Linux Production Release) 1.5.0_36 \n * Oracle JRE (Linux Production Release) 1.5.0_38 \n * Oracle JRE (Linux Production Release) 1.5.0_39 \n * Oracle JRE (Linux Production Release) 1.6.0_22 \n * Oracle JRE (Linux Production Release) 1.6.0_23 \n * Oracle JRE (Linux Production Release) 1.6.0_24 \n * Oracle JRE (Linux Production Release) 1.6.0_25 \n * Oracle JRE (Linux Production Release) 1.6.0_26 \n * Oracle JRE (Linux Production Release) 1.6.0_27 \n * Oracle JRE (Linux Production Release) 1.6.0_28 \n * Oracle JRE (Linux Production Release) 1.6.0_30 \n * Oracle JRE (Linux Production Release) 1.6.0_32 \n * Oracle JRE (Linux Production Release) 1.6.0_35 \n * Oracle JRE (Linux Production Release) 1.6.0_39 \n * Oracle JRE (Linux Production Release) 1.7.0_12 \n * Oracle JRE (Linux Production Release) 1.7.0_13 \n * Oracle JRE (Linux Production Release) 1.7.0_17 \n * Oracle JRE (Linux Production Release) 1.7.0_2 \n * Oracle JRE (Linux Production Release) 1.7.0_21 \n * Oracle JRE (Linux Production Release) 1.7.0_4 \n * Oracle JRE (Linux Production Release) 1.7.0_7 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 36 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 38 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 39 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 40 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 41 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 45 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 51 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 55 \n * Oracle JRE (Solaris Production Release) 1.5.0_36 \n * Oracle JRE (Solaris Production Release) 1.5.0_38 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 19 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 22 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 23 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 24 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 25 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 26 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 27 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 29 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 30 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 31 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 32 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 33 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 34 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 35 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 37 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 38 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 39 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 41 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 43 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 45 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 51 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 60 \n * Oracle JRE (Solaris Production Release) 1.6.0_22 \n * Oracle JRE (Solaris Production Release) 1.6.0_23 \n * Oracle JRE (Solaris Production Release) 1.6.0_24 \n * Oracle JRE (Solaris Production Release) 1.6.0_25 \n * Oracle JRE (Solaris Production Release) 1.6.0_26 \n * Oracle JRE (Solaris Production Release) 1.6.0_27 \n * Oracle JRE (Solaris Production Release) 1.6.0_28 \n * Oracle JRE (Solaris Production Release) 1.6.0_30 \n * Oracle JRE (Solaris Production Release) 1.6.0_32 \n * Oracle JRE (Solaris Production Release) 1.6.0_35 \n * Oracle JRE (Solaris Production Release) 1.6.0_43 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update 40 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update1 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update10 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update11 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update13 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update15 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update17 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update2 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update21 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update25 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update3 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update4 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update5 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update6 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update7 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update9 \n * Oracle JRE (Solaris Production Release) 1.7.0_17 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.5.0_36 \n * Oracle JRE (Windows Production Release) 1.5.0_38 \n * Oracle JRE (Windows Production Release) 1.5.0_45 \n * Oracle JRE (Windows Production Release) 1.5.0_51 \n * Oracle JRE (Windows Production Release) 1.6.0_22 \n * Oracle JRE (Windows Production Release) 1.6.0_23 \n * Oracle JRE (Windows Production Release) 1.6.0_24 \n * Oracle JRE (Windows Production Release) 1.6.0_25 \n * Oracle JRE (Windows Production Release) 1.6.0_26 \n * Oracle JRE (Windows Production Release) 1.6.0_27 \n * Oracle JRE (Windows Production Release) 1.6.0_28 \n * Oracle JRE (Windows Production Release) 1.6.0_30 \n * Oracle JRE (Windows Production Release) 1.6.0_31 \n * Oracle JRE (Windows Production Release) 1.6.0_32 \n * Oracle JRE (Windows Production Release) 1.6.0_33 \n * Oracle JRE (Windows Production Release) 1.6.0_35 \n * Oracle JRE (Windows Production Release) 1.6.0_37 \n * Oracle JRE (Windows Production Release) 1.6.0_38 \n * Oracle JRE (Windows Production Release) 1.6.0_43 \n * Oracle JRE (Windows Production Release) 1.6.0_45 \n * Oracle JRE (Windows Production Release) 1.6.0_60 \n * Oracle JRE (Windows Production Release) 1.7.0_17 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_21 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_40 \n * Oracle JRE (Windows Production Release) 1.7.0_45 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE 1.5.0 Update 22 \n * Oracle JRE 1.6.0 Update 34 \n * Oracle JRE 1.6.0 Update 35 \n * Oracle JRE 1.6.0 Update 41 \n * Oracle JRE 1.6.0 Update 65 \n * Oracle JRE 1.7 Update 10 \n * Oracle JRE 1.7.0 \n * Oracle JRE 1.7.0 Update 1 \n * Oracle JRE 1.7.0 Update 10 \n * Oracle JRE 1.7.0 Update 11 \n * Oracle JRE 1.7.0 Update 12 \n * Oracle JRE 1.7.0 Update 13 \n * Oracle JRE 1.7.0 Update 14 \n * Oracle JRE 1.7.0 Update 15 \n * Oracle JRE 1.7.0 Update 2 \n * Oracle JRE 1.7.0 Update 20 \n * Oracle JRE 1.7.0 Update 21 \n * Oracle JRE 1.7.0 Update 25 \n * Oracle JRE 1.7.0 Update 3 \n * Oracle JRE 1.7.0 Update 4 \n * Oracle JRE 1.7.0 Update 45 \n * Oracle JRE 1.7.0 Update 5 \n * Oracle JRE 1.7.0 Update 6 \n * Oracle JRE 1.7.0 Update 7 \n * Oracle JRE 1.7.0 Update 8 \n * Oracle JRE 1.7.0 Update 9 \n * Oracle JRE 6 update 39 \n * Oracle JRE(Linux Production Release) 1.5.0_40 \n * Oracle JRE(Linux Production Release) 1.5.0_41 \n * Oracle JRE(Linux Production Release) 1.5.0_45 \n * Oracle JRE(Linux Production Release) 1.5.0_51 \n * Oracle JRE(Linux Production Release) 1.5.0_55 \n * Oracle JRE(Linux Production Release) 1.5.0_61 \n * Oracle JRE(Linux Production Release) 1.6.0_38 \n * Oracle JRE(Linux Production Release) 1.6.0_40 \n * Oracle JRE(Linux Production Release) 1.6.0_41 \n * Oracle JRE(Linux Production Release) 1.6.0_43 \n * Oracle JRE(Linux Production Release) 1.6.0_45 \n * Oracle JRE(Linux Production Release) 1.6.0_60 \n * Oracle JRE(Linux Production Release) 1.6.0_65 \n * Oracle JRE(Linux Production Release) 1.6.0_71 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_13 \n * Oracle JRE(Linux Production Release) 1.7.0_14 \n * Oracle JRE(Linux Production Release) 1.7.0_15 \n * Oracle JRE(Linux Production Release) 1.7.0_17 \n * Oracle JRE(Linux Production Release) 1.7.0_25 \n * Oracle JRE(Linux Production Release) 1.7.0_40 \n * Oracle JRE(Linux Production Release) 1.7.0_45 \n * Oracle JRE(Linux Production Release) 1.7.0_51 \n * Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Linux Production Release) 1.8.0 \n * Oracle JRE(Solaris Production Release) 1.5.0_39 \n * Oracle JRE(Solaris Production Release) 1.5.0_40 \n * Oracle JRE(Solaris Production Release) 1.5.0_41 \n * Oracle JRE(Solaris Production Release) 1.5.0_45 \n * Oracle JRE(Solaris Production Release) 1.5.0_51 \n * Oracle JRE(Solaris Production Release) 1.5.0_55 \n * Oracle JRE(Solaris Production Release) 1.5.0_61 \n * Oracle JRE(Solaris Production Release) 1.6.0_38 \n * Oracle JRE(Solaris Production Release) 1.6.0_39 \n * Oracle JRE(Solaris Production Release) 1.6.0_40 \n * Oracle JRE(Solaris Production Release) 1.6.0_41 \n * Oracle JRE(Solaris Production Release) 1.6.0_43 \n * Oracle JRE(Solaris Production Release) 1.6.0_45 \n * Oracle JRE(Solaris Production Release) 1.6.0_60 \n * Oracle JRE(Solaris Production Release) 1.6.0_65 \n * Oracle JRE(Solaris Production Release) 1.6.0_71 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_12 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_14 \n * Oracle JRE(Solaris Production Release) 1.7.0_15 \n * Oracle JRE(Solaris Production Release) 1.7.0_17 \n * Oracle JRE(Solaris Production Release) 1.7.0_21 \n * Oracle JRE(Solaris Production Release) 1.7.0_25 \n * Oracle JRE(Solaris Production Release) 1.7.0_40 \n * Oracle JRE(Solaris Production Release) 1.7.0_45 \n * Oracle JRE(Solaris Production Release) 1.7.0_51 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.8.0 \n * Oracle JRE(Windows Production Release) 1.5.0_39 \n * Oracle JRE(Windows Production Release) 1.5.0_40 \n * Oracle JRE(Windows Production Release) 1.5.0_41 \n * Oracle JRE(Windows Production Release) 1.5.0_55 \n * Oracle JRE(Windows Production Release) 1.5.0_61 \n * Oracle JRE(Windows Production Release) 1.6.0_38 \n * Oracle JRE(Windows Production Release) 1.6.0_39 \n * Oracle JRE(Windows Production Release) 1.6.0_40 \n * Oracle JRE(Windows Production Release) 1.6.0_41 \n * Oracle JRE(Windows Production Release) 1.6.0_43 \n * Oracle JRE(Windows Production Release) 1.6.0_65 \n * Oracle JRE(Windows Production Release) 1.6.0_71 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_14 \n * Oracle JRE(Windows Production Release) 1.7.0_15 \n * Oracle JRE(Windows Production Release) 1.7.0_17 \n * Oracle JRE(Windows Production Release) 1.7.0_25 \n * Oracle JRE(Windows Production Release) 1.7.0_45 \n * Oracle JRE(Windows Production Release) 1.7.0_51 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.8.0 \n * Oracle Java JRE 1.5 \n * Oracle Java JRE 1.5.0.15 \n * Oracle Java JRE 1.6.0_37 \n * Oracle Java JRE 7 Update 51 \n * Oracle Java SE Embedded 7u25 \n * Oracle Java SE Embedded 7u40 \n * Oracle Java SE Embedded 7u45 \n * Oracle Java SE Embedded 7u51 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux Desktop Workstation 5 Client \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Resilient Storage EUS 6.5.z \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server AUS 6.5 \n * Redhat Enterprise Linux Server EUS 6.5.z \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * Slackware Linux 13.0 \n * Slackware Linux 13.1 \n * Slackware Linux 13.37 \n * Slackware Linux 14.0 \n * Slackware Linux 14.1 \n * SuSE Linux Enterprise Server 11 SP2 LTSS \n * SuSE Manager (for SLE 11 SP2) 1.7 \n * SuSE SUSE Linux Enterprise Java 11 SP3 \n * SuSE SUSE Linux Enterprise Server 10 SP3 LTSS \n * SuSE SUSE Linux Enterprise Server 10 SP4 LTSS \n * SuSE SUSE Linux Enterprise Server 11 SP1 LTSS \n * SuSE SUSE Linux Enterprise Server 11 SP3 \n * SuSE SUSE Linux Enterprise Server 11 SP3 for VMware \n * SuSE SUSE Linux Enterprise Software Development Kit 11 SP3 \n * SuSE Suse Linux Enterprise Desktop 11 SP3 \n * SuSE openSUSE 11.4 \n * SuSE openSUSE 12.2 \n * SuSE openSUSE 12.3 \n * SuSE openSUSE 13.1 \n * Ubuntu Ubuntu Linux 10.04.LTS \n * Ubuntu Ubuntu Linux 12.04 LTS \n * Ubuntu Ubuntu Linux 12.10 \n * Ubuntu Ubuntu Linux 13.04 \n * Ubuntu Ubuntu Linux 13.10 \n * VMWare Vcenter Update Manager 5.5 \n * VMWare vCenter Server 5.5 \n * libjpeg libjpeg \n * libjpeg-turbo libjpeg-turbo \n * openSUSE openSUSE 12.3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nEnsure that all nonadministrative tasks, such as browsing the web and reading email, are performed as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from a successful exploit.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Set web browser security to disable the execution of script code or active content.** \nTo prevent a successful exploit of script-execution vulnerabilities, disable support for script code and active content within the client browser. Note that this tactic might adversely affect websites that rely on HTML or script code.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit memory corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2013-11-12T00:00:00", "published": "2013-11-12T00:00:00", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/63676", "id": "SMNTC-63676", "type": "symantec", "title": "libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:07", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. ([CVE-2013-6629 __](<https://access.redhat.com/security/cve/CVE-2013-6629>), [CVE-2013-6630 __](<https://access.redhat.com/security/cve/CVE-2013-6630>))\n\n \n**Affected Packages:** \n\n\nlibjpeg-turbo\n\n \n**Issue Correction:** \nRun _yum update libjpeg-turbo_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libjpeg-turbo-static-1.2.1-3.4.amzn1.i686 \n libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.i686 \n libjpeg-turbo-utils-1.2.1-3.4.amzn1.i686 \n turbojpeg-1.2.1-3.4.amzn1.i686 \n turbojpeg-devel-1.2.1-3.4.amzn1.i686 \n libjpeg-turbo-devel-1.2.1-3.4.amzn1.i686 \n libjpeg-turbo-1.2.1-3.4.amzn1.i686 \n \n src: \n libjpeg-turbo-1.2.1-3.4.amzn1.src \n \n x86_64: \n libjpeg-turbo-static-1.2.1-3.4.amzn1.x86_64 \n libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.x86_64 \n libjpeg-turbo-devel-1.2.1-3.4.amzn1.x86_64 \n turbojpeg-devel-1.2.1-3.4.amzn1.x86_64 \n libjpeg-turbo-utils-1.2.1-3.4.amzn1.x86_64 \n turbojpeg-1.2.1-3.4.amzn1.x86_64 \n libjpeg-turbo-1.2.1-3.4.amzn1.x86_64 \n \n \n", "modified": "2014-09-16T22:13:00", "published": "2014-09-16T22:13:00", "id": "ALAS-2013-267", "href": "https://alas.aws.amazon.com/ALAS-2013-267.html", "title": "Medium: libjpeg-turbo", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:48", "bulletinFamily": "software", "description": "Google security researcher Michal Zalewski reported issues\nwith JPEG format image processing with Start Of Scan (SOS) and Define Huffman\nTable (DHT) markers in the libjpeg library. This could allow for the possible\nreading of arbitrary memory content as well as cross-domain image theft.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-116", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-116/", "type": "mozilla", "title": "JPEG information leak", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:50", "bulletinFamily": "software", "description": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-104", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-104/", "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}