ID: UBUNTU_USN-2506-1.NASL
Type: nessus
Reporter: Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2015-03-05T00:00:00
Description
Armin Razmdjou discovered that contents of locally readable files
could be made available via manipulation of form autocomplete in some
circumstances. If a user were tricked in to opening a specially
crafted message with scripting enabled, an attacker could potentially
exploit this to obtain sensitive information. (CVE-2015-0822)

Abhishek Arya discovered an out-of-bounds read and write when
rendering SVG content in some circumstances. If a user were tricked in
to opening a specially crafted message with scripting enabled, an
attacker could potentially exploit this to obtain sensitive
information. (CVE-2015-0827)

Paul Bandha discovered a use-after-free in IndexedDB. If a user were
tricked in to opening a specially crafted message with scripting
enabled, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2015-0831)

Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry,
Byron Campen, Tom Schuster, and Ryan VanderMeulen discovered multiple
memory safety issues in Thunderbird. If a user were tricked in to
opening a specially crafted message with scripting enabled, an
attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges
of the user invoking Thunderbird. (CVE-2015-0836).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2506-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81644);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0831", "CVE-2015-0836");
  script_xref(name:"USN", value:"2506-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : thunderbird vulnerabilities (USN-2506-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Armin Razmdjou discovered that contents of locally readable files
could be made available via manipulation of form autocomplete in some
circumstances. If a user were tricked in to opening a specially
crafted message with scripting enabled, an attacker could potentially
exploit this to obtain sensitive information. (CVE-2015-0822)

Abhishek Arya discovered an out-of-bounds read and write when
rendering SVG content in some circumstances. If a user were tricked in
to opening a specially crafted message with scripting enabled, an
attacker could potentially exploit this to obtain sensitive
information. (CVE-2015-0827)

Paul Bandha discovered a use-after-free in IndexedDB. If a user were
tricked in to opening a specially crafted message with scripting
enabled, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2015-0831)

Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry,
Byron Campen, Tom Schuster, and Ryan VanderMeulen discovered multiple
memory safety issues in Thunderbird. If a user were tricked in to
opening a specially crafted message with scripting enabled, an
attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges
of the user invoking Thunderbird. (CVE-2015-0836).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2506-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected thunderbird package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# Preconditions: local (credentialed) checks ran, the host is one of the
# Ubuntu releases covered by USN-2506-1, and the dpkg package list was collected.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are checked.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

# Flag the host when the installed thunderbird package is older than the
# fixed version for its release.
if (ubuntu_check(osver:"12.04", pkgname:"thunderbird", pkgver:"1:31.5.0+build1-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"thunderbird", pkgver:"1:31.5.0+build1-0ubuntu0.14.04.1")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"thunderbird", pkgver:"1:31.5.0+build1-0ubuntu0.14.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: report either "not affected" or "not installed".
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
}
processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.5.0. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033078.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/008057.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0642.html", "edition": 9, "modified": "2015-04-01T03:33:34", "published": "2015-03-19T19:31:21", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/008057.html", "id": "CESA-2015:0642", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:31:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "MozillaThunderbird was updated to version 31.5.0 to fix four security\n issues.\n\n These security issues were fixed:\n - CVE-2015-0836: Miscellaneous memory safety hazards\n - CVE-2015-0831: Use-after-free in IndexedDB\n - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content\n - CVE-2015-0822: Reading of local files through manipulation of form\n autocomplete\n\n", "edition": 1, "modified": "2015-03-07T11:04:50", "published": "2015-03-07T11:04:50", "id": "OPENSUSE-SU-2015:0448-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:31:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", 
"CVE-2015-0835", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "MozillaFirefox has been updated to version 31.5.0 ESR to fix five security\n issues.\n\n These security issues have been fixed:\n\n * CVE-2015-0836: Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 31.5 allowed remote attackers to\n cause a denial of service (memory corruption and application crash)\n or possibly execute arbitrary code via unknown vectors (bnc#917597).\n * CVE-2015-0827: Heap-based buffer overflow in the\n mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5\n allowed remote attackers to obtain sensitive information from\n uninitialized process memory via a malformed SVG graphic\n (bnc#917597).\n * CVE-2015-0835: Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 36.0 allowed remote attackers to\n cause a denial of service (memory corruption and application crash)\n or possibly execute arbitrary code via unknown vectors (bnc#917597).\n * CVE-2015-0831: Use-after-free vulnerability in the\n mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in\n Mozilla Firefox before 31.5 allowed remote attackers to execute\n arbitrary code or cause a denial of service (heap memory corruption)\n via crafted content that is improperly handled during IndexedDB\n index creation (bnc#917597).\n * CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox\n before 31.5 allowed remote attackers to read arbitrary files via\n crafted JavaScript code (bnc#917597).\n\n These non-security issues have been fixed:\n\n * Reverted desktop file name back to MozillaFirefox.desktop\n (bnc#916196, bnc#917100)\n * Obsolete subpackages of firefox-gcc47 from SLE11-SP1/2, that caused\n problems when upgrading to SLE11-SP3 (bnc#917300)\n\n Security Issues:\n\n * CVE-2015-0822\n 
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822>\n * CVE-2015-0827\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827>\n * CVE-2015-0831\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831>\n * CVE-2015-0836\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836>\n\n", "edition": 1, "modified": "2015-03-07T00:04:56", "published": "2015-03-07T00:04:56", "id": "SUSE-SU-2015:0446-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0835", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "MozillaFirefox was updated to version 31.5.0 ESR to fix five security\n issues.\n\n These security issues were fixed:\n - CVE-2015-0836: Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 31.5 allowed remote attackers to cause\n a denial of service (memory corruption and application crash) or\n possibly execute arbitrary code via unknown vectors (bnc#917597).\n - CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect\n function in Mozilla Firefox before 31.5 allowed remote attackers to\n obtain sensitive information from uninitialized process memory via a\n malformed SVG graphic (bnc#917597).\n - CVE-2015-0835: Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 36.0 allowed remote 
attackers to cause\n a denial of service (memory corruption and application crash) or\n possibly execute arbitrary code via unknown vectors (bnc#917597).\n - CVE-2015-0831: Use-after-free vulnerability in the\n mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla\n Firefox before 31.5 allowed remote attackers to execute arbitrary code\n or cause a denial of service (heap memory corruption) via crafted\n content that is improperly handled during IndexedDB index creation\n (bnc#917597).\n - CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before\n 31.5 allowed remote attackers to read arbitrary files via crafted\n JavaScript code (bnc#917597).\n\n", "edition": 1, "modified": "2015-03-03T16:04:59", "published": "2015-03-03T16:04:59", "id": "SUSE-SU-2015:0412-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:29:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0835", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "MozillaFirefox has been updated to version 31.5.0 ESR to fix five security\n issues.\n\n These security issues have been fixed:\n\n * CVE-2015-0836: Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 31.5 allowed remote attackers to\n cause a denial of service (memory corruption and application crash)\n or possibly execute arbitrary code via unknown vectors (bnc#917597).\n * CVE-2015-0827: Heap-based buffer overflow in the\n mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5\n allowed remote attackers to obtain sensitive information from\n uninitialized process memory via a malformed SVG graphic\n (bnc#917597).\n * CVE-2015-0835: Multiple unspecified vulnerabilities in the browser\n engine in Mozilla 
Firefox before 36.0 allowed remote attackers to\n cause a denial of service (memory corruption and application crash)\n or possibly execute arbitrary code via unknown vectors (bnc#917597).\n * CVE-2015-0831: Use-after-free vulnerability in the\n mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in\n Mozilla Firefox before 31.5 allowed remote attackers to execute\n arbitrary code or cause a denial of service (heap memory corruption)\n via crafted content that is improperly handled during IndexedDB\n index creation (bnc#917597).\n * CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox\n before 31.5 allowed remote attackers to read arbitrary files via\n crafted JavaScript code (bnc#917597).\n\n Security Issues:\n\n * CVE-2015-0822\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822>\n * CVE-2015-0827\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827>\n * CVE-2015-0831\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831>\n * CVE-2015-0836\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836>\n\n", "edition": 1, "modified": "2015-03-07T01:05:04", "published": "2015-03-07T01:05:04", "id": "SUSE-SU-2015:0447-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0818", "CVE-2015-0817", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827", 
"CVE-2015-0833"], "description": "Update to Firefox 31.5.3 (bnc#923534)\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n - update to Firefox 31.5.0esr (bnc#917597)\n * MFSA 2015-11/CVE-2015-0836 Miscellaneous memory safety hazards\n * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will\n load locally stored DLL files (Windows only)\n * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB\n * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write\n while rendering SVG content\n * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files\n through manipulation of form autocomplete\n\n", "edition": 1, "modified": "2015-03-22T21:04:42", "published": "2015-03-22T21:04:42", "id": "OPENSUSE-SU-2015:0567-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html", "title": "update to Firefox 31.5.3 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:49:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0825", "CVE-2015-0821", "CVE-2015-0828", "CVE-2015-0826", "CVE-2015-0819", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0823", "CVE-2015-0836", "CVE-2015-0829", "CVE-2015-0822", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-1569", "CVE-2015-0820"], "description": "MozillaFirefox, mozilla-nss were updated to fix 18 security issues.\n\n MozillaFirefox was updated to version 36.0. 
These security issues were\n fixed:\n - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards\n - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS\n protections\n - CVE-2015-0830: Malicious WebGL content crash when writing strings\n - CVE-2015-0834: TLS TURN and STUN connections silently fail to simple TCP\n connections\n - CVE-2015-0831: Use-after-free in IndexedDB\n - CVE-2015-0829: Buffer overflow in libstagefright during MP4 video\n playback\n - CVE-2015-0828: Double-free when using non-default memory allocators with\n a zero-length XHR\n - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content\n - CVE-2015-0826: Buffer overflow during CSS restyling\n - CVE-2015-0825: Buffer underflow during MP3 playback\n - CVE-2015-0824: Crash using DrawTarget in Cairo graphics library\n - CVE-2015-0823: Use-after-free in Developer Console date with OpenType\n Sanitiser\n - CVE-2015-0822: Reading of local files through manipulation of form\n autocomplete\n - CVE-2015-0821: Local files or privileged URLs in pages can be opened\n into new tabs\n - CVE-2015-0819: UI Tour whitelisted sites in background tab can spoof\n foreground tabs\n - CVE-2015-0820: Caja Compiler JavaScript sandbox bypass\n\n mozilla-nss was updated to version 3.17.4 to fix the following issues:\n - CVE-2014-1569: QuickDER decoder length issue (bnc#910647).\n - bmo#1084986: If an SSL/TLS connection fails, because client and server\n don't have any common protocol version enabled, NSS has been changed to\n report error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting\n SSL_ERROR_NO_CYPHER_OVERLAP).\n - bmo#1112461: libpkix was fixed to prefer the newest certificate, if\n multiple certificates match.\n - bmo#1094492: fixed a memory corruption issue during failure of keypair\n generation.\n - bmo#1113632: fixed a failure to reload a PKCS#11 module in FIPS mode.\n - bmo#1119983: fixed interoperability of NSS server code with a LibreSSL\n client.\n\n", 
"edition": 1, "modified": "2015-03-01T11:04:54", "published": "2015-03-01T11:04:54", "id": "OPENSUSE-SU-2015:0404-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:23", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1577", "CVE-2015-4000", "CVE-2015-2738", "CVE-2015-0813", "CVE-2015-0831", "CVE-2015-2713", "CVE-2014-1590", "CVE-2015-2737", "CVE-2014-1586", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1594", "CVE-2014-1576", "CVE-2015-2728", "CVE-2015-2724", "CVE-2015-2716", "CVE-2011-3079", "CVE-2014-1578", "CVE-2015-2710", "CVE-2015-0816", "CVE-2015-2739", "CVE-2015-2733", "CVE-2015-2721", "CVE-2014-1563", "CVE-2015-2722", "CVE-2014-1581", "CVE-2014-1592", "CVE-2014-1565", "CVE-2015-2734", "CVE-2014-1564", "CVE-2014-1574", "CVE-2015-0815", "CVE-2015-2743", "CVE-2014-8634", "CVE-2015-0807", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-2735", "CVE-2015-2708", "CVE-2015-0822", "CVE-2015-0801", "CVE-2015-0827", "CVE-2015-2736", "CVE-2014-8635", "CVE-2014-8638", "CVE-2015-2740", "CVE-2014-1585", "CVE-2014-1593", "CVE-2015-2730", "CVE-2015-0833"], "description": "Combined Mozilla update:\n - Update Firefox to 31.8.0\n - Update Thunderbird to 31.8.0\n - Update mozilla-nspr to 4.10.6\n - Update mozilla-nss to 3.19.2 to fix several security issues.\n\n", "edition": 1, "modified": "2015-07-18T19:07:56", "published": "2015-07-18T19:07:56", "id": "OPENSUSE-SU-2015:1266-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", "type": "suse", "title": "Mozilla (Firefox/Thunderbird) updates to 31.8.0 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:53", 
"bulletinFamily": "unix", "cvelist": ["CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0831", "CVE-2015-0836"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.0 ESR, which corrects these issues. 
After installing\nthe update, Firefox must be restarted for the changes to take effect.", "modified": "2018-04-12T03:31:32", "published": "2015-03-05T18:49:00", "id": "RHSA-2015:0629", "href": "https://access.redhat.com/errata/RHSA-2015:0629", "type": "redhat", "title": "(RHSA-2015:0629) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0831", "CVE-2015-0836"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.5.0. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:06", "published": "2015-02-25T05:00:00", "id": "RHSA-2015:0266", "href": "https://access.redhat.com/errata/RHSA-2015:0266", "type": "redhat", "title": "(RHSA-2015:0266) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0831", "CVE-2015-0836"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. 
(CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.5.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-04-12T03:32:54", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0642", "href": "https://access.redhat.com/errata/RHSA-2015:0642", "type": "redhat", "title": "(RHSA-2015:0642) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0831", "CVE-2015-0836"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. 
An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:06", "published": "2015-02-24T05:00:00", "id": "RHSA-2015:0265", "href": "https://access.redhat.com/errata/RHSA-2015:0265", "type": "redhat", "title": "(RHSA-2015:0265) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:02:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "[31.5.0-1.0.1.el6_6]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[31.5.0-1]\n- Update to 31.5.0", "edition": 5, "modified": "2015-02-25T00:00:00", "published": "2015-02-25T00:00:00", "id": "ELSA-2015-0266", "href": "http://linux.oracle.com/errata/ELSA-2015-0266.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "[31.5.0-2]\n- Update to 
31.5.0", "edition": 4, "modified": "2015-03-12T00:00:00", "published": "2015-03-12T00:00:00", "id": "ELSA-2015-0642", "href": "http://linux.oracle.com/errata/ELSA-2015-0642.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:46", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "firefox\n[31.5.0-2.0.1.el7_0]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[31.5.0-2]\n- Update to 31.5.0 ESR Build 2\nxulrunner\n[31.5.0-1.0.1-el7_0]\n- Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n- Removed XULRUNNER_VERSION from SOURCE21\n[31.5.0-1]\n- Update to 31.5.0 ESR\n[31.4.0-2]\n- Added -std=gnu++0x to libxul library build flags (rhbz#1170226)", "edition": 4, "modified": "2015-02-25T00:00:00", "published": "2015-02-25T00:00:00", "id": "ELSA-2015-0265", "href": "http://linux.oracle.com/errata/ELSA-2015-0265.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:20", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3174-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 25, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nimplementation errors may lead to the execution of arbitrary code or\ninformation 
disclosure.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 31.5.0esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.5.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-02-25T18:52:28", "published": "2015-02-25T18:52:28", "id": "DEBIAN:DSA-3174-1:5189D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00059.html", "title": "[SECURITY] [DSA 3174-1] iceweasel security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:23:00", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3179-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 03, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and implementation errors may lead to the execution of arbitrary\ncode or information disclosure.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 31.5.0-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.5.0-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security 
Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2015-03-03T21:38:13", "published": "2015-03-03T21:38:13", "id": "DEBIAN:DSA-3179-1:A97BC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00063.html", "title": "[SECURITY] [DSA 3179-1] icedove security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:53:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "Multiple security issues have been\nfound in Icedove, Debian", "modified": "2017-07-07T00:00:00", "published": "2015-03-03T00:00:00", "id": "OPENVAS:703179", "href": "http://plugins.openvas.org/nasl.php?oid=703179", "type": "openvas", "title": "Debian Security Advisory DSA 3179-1 (icedove - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3179.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3179-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703179);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_name(\"Debian Security Advisory DSA 3179-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-03 00:00:00 +0100 (Tue, 03 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3179.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icedove on Debian Linux\");\n script_tag(name: \"insight\", value: \"Icedove is an unbranded Thunderbird\nmail client suitable for free distribution. It supports different mail accounts\n(POP, IMAP, Gmail), has an integrated learning Spam filter, and offers easy\norganization of mails with tagging and virtual folders. 
Also, more features can\nbe added by installing extensions.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 31.5.0-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.5.0-1.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been\nfound in Icedove, Debian's version of the Mozilla Thunderbird mail and news\nclient: Multiple memory safety errors and implementation errors may lead to\nthe execution of arbitrary code or information disclosure.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"31.5.0-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"31.5.0-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"31.5.0-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"31.5.0-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"31.5.0-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "Oracle Linux Local Security 
Checks ELSA-2015-0266", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123179", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0266", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0266.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123179\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0266\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0266 - thunderbird security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0266\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0266.html\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.5.0~1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.5.0~1.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-04T00:00:00", "id": "OPENVAS:1361412562310842114", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310842114", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-2506-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-2506-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842114\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-04 05:44:46 +0100 (Wed, 04 Mar 2015)\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-2506-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Armin Razmdjou discovered that contents of\nlocally readable files could be made available via manipulation of form\nautocomplete in some circumstances. If a user were tricked in to opening a\nspecially crafted message with scripting enabled, an attacker could potentially\nexploit this to obtain sensitive information. (CVE-2015-0822)\n\nAbhishek Arya discovered an out-of-bounds read and write when rendering\nSVG content in some circumstances. If a user were tricked in to opening\na specially crafted message with scripting enabled, an attacker could\npotentially exploit this to obtain sensitive information. (CVE-2015-0827)\n\nPaul Bandha discovered a use-after-free in IndexedDB. If a user were\ntricked in to opening a specially crafted message with scripting enabled,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Thunderbird. (CVE-2015-0831)\n\nCarsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron\nCampen, Tom Schuster, and Ryan VanderMeulen discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message with scripting enabled, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. 
(CVE-2015-0836)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2506-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2506-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:31.5.0+build1-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:31.5.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:31.5.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": 
"2015-02-25T00:00:00", "id": "OPENVAS:1361412562310882124", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882124", "type": "openvas", "title": "CentOS Update for firefox CESA-2015:0265 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2015:0265 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882124\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:42:51 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2015:0265 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of 
firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.0 ESR, which corrects these issues. 
After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0265\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-February/020947.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-02-26T00:00:00", "id": "OPENVAS:1361412562310882126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882126", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:0266 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:0266 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882126\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-26 05:39:59 +0100 (Thu, 26 Feb 2015)\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:0266 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. 
(CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.5.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0266\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-February/020949.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.5.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2015-02-26T00:00:00", "id": "OPENVAS:1361412562310882127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882127", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2015:0266 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2015:0266 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882127\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-26 05:40:05 +0100 (Thu, 26 Feb 2015)\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2015:0266 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. 
(CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 31.5.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0266\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-February/020950.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.5.0~1.el5.centos\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2015-02-25T00:00:00", "id": "OPENVAS:1361412562310882122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882122", "type": "openvas", "title": "CentOS Update for firefox CESA-2015:0265 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2015:0265 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882122\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:42:46 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2015:0265 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. 
(CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0265\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-February/020946.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", 
"CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "Oracle Linux Local Security Checks ELSA-2015-0642", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123161", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0642", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0642.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123161\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:07 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0642\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0642 - thunderbird security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0642\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0642.html\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~31.5.0~2.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-02-25T00:00:00", "id": "OPENVAS:1361412562310871317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871317", "type": "openvas", "title": "RedHat Update for firefox RHSA-2015:0265-01", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2015:0265-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871317\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:42:20 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2015:0265-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla 
Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of that\nfile. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de\nMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul\nBandha, Abhishek Arya, and Armin Razmdjou as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0265-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-February/msg00041.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.0~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.0~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~31.5.0~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~31.5.0~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.0~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.0~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", 
rpm:\"firefox~31.5.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-03-08T00:00:00", "id": "OPENVAS:1361412562310850641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850641", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2015:0448-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850641\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-03-08 05:45:05 +0100 (Sun, 08 Mar 2015)\");\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2015:0448-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaThunderbird'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MozillaThunderbird was updated to version 31.5.0 to fix four security\n issues.\n\n These security issues were fixed:\n\n - CVE-2015-0836: Miscellaneous memory safety hazards\n\n - CVE-2015-0831: Use-after-free in IndexedDB\n\n - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content\n\n - CVE-2015-0822: Reading of local files through manipulation of form\n autocomplete\");\n\n script_tag(name:\"affected\", value:\"MozillaThunderbird on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0448-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~31.5.0~70.47.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~31.5.0~70.47.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~31.5.0~70.47.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~31.5.0~70.47.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~31.5.0~70.47.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~31.5.0~70.47.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~31.5.0~70.47.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:48:40", "description": "Several flaws were found in the processing of malformed 
web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 14, "published": "2015-02-26T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150225)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-02-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo", "p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:xulrunner-devel", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:xulrunner"], "id": "SL_20150225_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/81540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81540);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150225)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote 
Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1502&L=scientific-linux-errata&T=0&P=2014\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7562f68\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/25\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-31.5.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-31.5.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-31.5.0-1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-31.5.0-1.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-31.5.0-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-31.5.0-2.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xulrunner-31.5.0-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-31.5.0-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xulrunner-devel-31.5.0-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:49:48", "description": "From Red Hat Security Advisory 2015:0266 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.5.0. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 17, "published": "2015-02-26T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2015-0266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-02-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2015-0266.NASL", "href": "https://www.tenable.com/plugins/nessus/81538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0266 and \n# Oracle Linux Security Advisory ELSA-2015-0266 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81538);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_xref(name:\"RHSA\", value:\"2015:0266\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2015-0266)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2015:0266 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity 
impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.5.0. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-February/004861.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-31.5.0-1.0.1.el6_6\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:05", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 
7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.5.0. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 20, "published": "2015-03-20T00:00:00", "title": "CentOS 7 : thunderbird (CESA-2015:0642)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-03-20T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS_RHSA-2015-0642.NASL", "href": "https://www.tenable.com/plugins/nessus/81954", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0642 and \n# CentOS Errata and Security Advisory 2015:0642 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81954);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_bugtraq_id(72742, 72746, 72755, 72756);\n script_xref(name:\"RHSA\", value:\"2015:0642\");\n\n script_name(english:\"CentOS 7 : thunderbird (CESA-2015:0642)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.5.0. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021040.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e56e57c8\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001857.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22f93f55\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0836\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-31.5.0-2.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:09:18", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.5.0. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 21, "published": "2015-02-26T00:00:00", "title": "RHEL 5 / 6 : thunderbird (RHSA-2015:0266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-02-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0266.NASL", "href": "https://www.tenable.com/plugins/nessus/81539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0266. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81539);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_xref(name:\"RHSA\", value:\"2015:0266\");\n\n script_name(english:\"RHEL 5 / 6 : thunderbird (RHSA-2015:0266)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. 
They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 31.5.0. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 31.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?333aa168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0822\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits 
are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0266\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-31.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-31.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-31.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-31.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-31.5.0-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-31.5.0-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-31.5.0-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-31.5.0-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-31.5.0-1.el6_6\", allowmaj:TRUE)) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-31.5.0-1.el6_6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:28:19", "description": "MozillaThunderbird was updated to version 31.5.0 to fix four security\nissues.\n\nThese security issues were fixed :\n\n - CVE-2015-0836: Miscellaneous memory safety hazards\n\n - CVE-2015-0831: Use-after-free in IndexedDB\n\n - CVE-2015-0827: Out-of-bounds read and write while\n rendering SVG content\n\n - CVE-2015-0822: Reading of local files through\n manipulation of form autocomplete", "edition": 17, "published": "2015-03-09T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2015-206)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-03-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-206.NASL", "href": "https://www.tenable.com/plugins/nessus/81693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from openSUSE Security Update openSUSE-2015-206.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81693);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2015-206)\");\n script_summary(english:\"Check for the openSUSE-2015-206 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaThunderbird was updated to version 31.5.0 to fix four security\nissues.\n\nThese security issues were fixed :\n\n - CVE-2015-0836: Miscellaneous memory safety hazards\n\n - CVE-2015-0831: Use-after-free in IndexedDB\n\n - CVE-2015-0827: Out-of-bounds read and write while\n rendering SVG content\n\n - CVE-2015-0822: Reading of local files through\n manipulation of form autocomplete\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917597\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-31.5.0-70.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"MozillaThunderbird-buildsymbols-31.5.0-70.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debuginfo-31.5.0-70.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debugsource-31.5.0-70.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-devel-31.5.0-70.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-common-31.5.0-70.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-other-31.5.0-70.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-31.5.0-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-buildsymbols-31.5.0-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debuginfo-31.5.0-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debugsource-31.5.0-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-devel-31.5.0-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-common-31.5.0-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-other-31.5.0-12.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:58", "description": "Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors and implementation errors may lead to the 
execution of\narbitrary code or information disclosure.", "edition": 16, "published": "2015-02-26T00:00:00", "title": "Debian DSA-3174-1 : iceweasel - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-02-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3174.NASL", "href": "https://www.tenable.com/plugins/nessus/81528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3174. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81528);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_bugtraq_id(72742, 72746, 72755, 72756);\n script_xref(name:\"DSA\", value:\"3174\");\n\n script_name(english:\"Debian DSA-3174-1 : iceweasel - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors and implementation errors may lead to the execution of\narbitrary code or information disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.debian.org/security/2015/dsa-3174\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 31.5.0esr-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"iceweasel-l10n-bn-in\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"31.5.0esr-1~deb7u1\")) 
flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", 
reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"iceweasel-l10n-xh\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"31.5.0esr-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:48:40", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. 
They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 14, "published": "2015-02-26T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150225)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-02-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150225_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/81541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81541);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150225)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. 
(CVE-2015-0836, CVE-2015-0831,\nCVE-2015-0827)\n\nAn information leak flaw was found in the way Thunderbird implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1502&L=scientific-linux-errata&T=0&P=1876\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25679edc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-31.5.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-31.5.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-31.5.0-1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-31.5.0-1.el6_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:59", "description": "Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client: Multiple memory\nsafety errors and implementation errors may lead to the execution of\narbitrary code or information disclosure.", "edition": 16, "published": "2015-03-05T00:00:00", "title": "Debian DSA-3179-1 : icedove - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-03-05T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-3179.NASL", "href": "https://www.tenable.com/plugins/nessus/81607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3179. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81607);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_xref(name:\"DSA\", value:\"3179\");\n\n script_name(english:\"Debian DSA-3179-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client: Multiple memory\nsafety errors and implementation errors may lead to the execution of\narbitrary code or information 
disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3179\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 31.5.0-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"31.5.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"31.5.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"31.5.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"31.5.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"31.5.0-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:01", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. 
A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 31.5.0 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.0 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2015-02-25T00:00:00", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2015:0265)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-02-25T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-0265.NASL", "href": "https://www.tenable.com/plugins/nessus/81503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0265 and \n# CentOS Errata and Security Advisory 2015:0265 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81503);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_bugtraq_id(72742, 72746, 72755, 72756);\n script_xref(name:\"RHSA\", value:\"2015:0265\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2015:0265)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 31.5.0 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.0 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-February/020946.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?907d6ddb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-February/020947.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2aa67940\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-February/020948.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4c978c4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0836\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/25\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-31.5.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-31.5.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-31.5.0-2.el7.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xulrunner-31.5.0-1.el7.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xulrunner-devel-31.5.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:09:18", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 31.5.0 ESR. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 22, "published": "2015-02-25T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2015:0265)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0831", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "modified": "2015-02-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0265.NASL", "href": "https://www.tenable.com/plugins/nessus/81506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0265. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81506);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-0822\", \"CVE-2015-0827\", \"CVE-2015-0831\", \"CVE-2015-0836\");\n script_bugtraq_id(72742, 72746, 72755, 72756);\n script_xref(name:\"RHSA\", value:\"2015:0265\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2015:0265)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6 and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)\n\nAn information leak flaw was found in the way Firefox implemented\nautocomplete forms. An attacker able to trick a user into specifying a\nlocal file in the form could use this flaw to access the contents of\nthat file. (CVE-2015-0822)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. 
Upstream acknowledges Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan\nVanderMeulen, Paul Bandha, Abhishek Arya, and Armin Razmdjou as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 31.5.0 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0822\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0265\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-31.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-31.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"firefox-31.5.0-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-31.5.0-1.el6_6\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-31.5.0-2.el7_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-31.5.0-2.el7_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xulrunner-31.5.0-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xulrunner-debuginfo-31.5.0-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xulrunner-devel-31.5.0-1.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:03:00", "description": "The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.", "edition": 5, "cvss3": {}, "published": "2015-02-25T11:59:00", "title": "CVE-2015-0822", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2015-0822"], "modified": "2016-12-24T02:59:00", "id": "CVE-2015-0822", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0822", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-09T20:03:00", "description": 
"Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.", "edition": 5, "cvss3": {}, "published": "2015-02-25T11:59:00", "title": "CVE-2015-0827", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0827"], "modified": "2016-12-24T02:59:00", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:firefox:34.0.5", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:firefox:31.0", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:thunderbird:31.4", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:4.0.1", 
"cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:firefox:29.0", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:32.0", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:31.1.2", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:17.0.1", "cpe:/a:mozilla:thunderbird:31.3", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:firefox_esr:31.1", 
"cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox_esr:31.5", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:31.2", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:firefox_esr:31.1.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:31.1.0", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox_esr:31.3", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:35.0.1", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:17.0", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:10.0.9", 
"cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:29.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox_esr:31.4", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:22.0", "cpe:/a:mozilla:firefox_esr:31.0", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:33.0", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:firefox_esr:31.2", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", 
"cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:thunderbird:31.0", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2015-0827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0827", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:13.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:28.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:27.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.26:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:25.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.28:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:25.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:35.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:17.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:34.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:32.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:29.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:27.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:33.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:13.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:29.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:15.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:14.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:26.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:00", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 5, "cvss3": {}, "published": "2015-02-25T11:59:00", "title": "CVE-2015-0836", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0836"], "modified": "2016-12-24T02:59:00", "cpe": 
["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:firefox:34.0.5", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:firefox:31.0", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:thunderbird:31.4", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:firefox:29.0", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:firefox:24.1.1", 
"cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:32.0", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:31.1.2", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:17.0.1", "cpe:/a:mozilla:thunderbird:31.3", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:firefox_esr:31.1", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox_esr:31.5", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:31.2", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", 
"cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:firefox_esr:31.1.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:31.1.0", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox_esr:31.3", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:35.0.1", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:17.0", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:29.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox_esr:31.4", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:firefox:16.0", 
"cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:22.0", "cpe:/a:mozilla:firefox_esr:31.0", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:33.0", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:firefox_esr:31.2", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:thunderbird:31.0", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2015-0836", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0836", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:13.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:28.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:27.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.26:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:25.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.28:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:25.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:35.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:34.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:32.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:29.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:27.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:33.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:13.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:29.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:15.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:14.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:26.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:00", "description": "Use-after-free vulnerability in the 
mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 5, "cvss3": {}, "published": "2015-02-25T11:59:00", "title": "CVE-2015-0831", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0831"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:firefox:34.0.5", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:firefox:31.0", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:thunderbird:31.4", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", 
"cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:firefox:29.0", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:32.0", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:31.1.2", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:17.0.1", "cpe:/a:mozilla:thunderbird:31.3", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", 
"cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:firefox_esr:31.1", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox_esr:31.5", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:thunderbird:31.2", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:firefox_esr:31.1.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:31.1.0", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox_esr:31.3", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:35.0.1", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:firefox:3.6.25", 
"cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:17.0", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:29.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox_esr:31.4", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:22.0", "cpe:/a:mozilla:firefox_esr:31.0", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", 
"cpe:/a:mozilla:firefox:33.0", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:firefox_esr:31.2", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:thunderbird:31.0", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2015-0831", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0831", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:13.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:28.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:27.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.26:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:25.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.28:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:25.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:35.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:34.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:32.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:29.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:27.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:33.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:31.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:13.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:29.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:15.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:14.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.19:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:18.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:23.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:26.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2016-09-02T18:44:39", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0835", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827"], "description": "- CVE-2015-0822 (information leak):\n\nSecurity researcher Armin Razmdjou reported that a user readable file in\na known local path could be uploaded to a malicious site. This was done\nby manipulating the autocomplete feature in a form and user interaction\nwith it. 
While the local file is not visibly uploaded through the form,\nits contents are made available through the Document Object Model (DOM)\nto script content on the attacking page, leading to information disclosure.\n\n- CVE-2015-0827 (out-of-bounds read and write, possibly leading to\nremote code execution)\n\nSecurity researcher Abhishek Arya (Inferno) of the Google Chrome\nSecurity Team used the Address Sanitizer tool to report an out-of-bounds\nread and an out-of-bounds write when rendering an improperly formatted\nSVG graphic. This could potentially allow the attacker to read\nuninitialized memory.\n\n- CVE-2015-0831 (use-after-free, possibly leading to remote code execution)\n\nSecurity researcher Paul Bandha used the Address Sanitizer tool\nto discover a use-after-free vulnerability when running specific web\ncontent with IndexedDB to create an index. This leads to a potentially\nexploitable crash.\n\n- CVE-2015-0835, CVE-2015-0836 (remote code execution):\n\nMozilla developers and community identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.", "modified": "2015-02-25T00:00:00", "published": "2015-02-25T00:00:00", "id": "ASA-201502-15", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html", "type": "archlinux", "title": "thunderbird: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0825", "CVE-2015-0821", "CVE-2015-0826", "CVE-2015-0819", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0823", "CVE-2015-0836", "CVE-2015-0829", "CVE-2015-0822", "CVE-2015-0830", "CVE-2015-0827"], "description": "- CVE-2015-0819 (tab spoofing):\n\nMozilla developer Matthew Noorenberghe reported that whitelisted Mozilla\ndomains could make UITour API calls while the UI Tour pages for Firefox\nare present in background tabs. If one of these Mozilla domains was\ncompromised and open in another tab, an attacker could then use that tab\nto engage in spoofing and clickjacking in any foreground tab.\n\n- CVE-2015-0821:\n\nSecurity researcher Armin Razmdjou reported that opening hyperlinks on a\npage with the mouse and specific keyboard key combinations could allow a\nChrome privileged URL to be opened without context restrictions being\npreserved. This could also allow for the opening of local files or\nresources from a known location to be opened with local privileges,\nbypassing security protections.\n\n- CVE-2015-0822 (information leak):\n\nSecurity researcher Armin Razmdjou reported that a user readable file in\na known local path could be uploaded to a malicious site. This was done\nby manipulating the autocomplete feature in a form and user interaction\nwith it. 
While the local file is not visibly uploaded through the form,\nits contents are made available through the Document Object Model (DOM)\nto script content on the attacking page, leading to information disclosure.\n\n- CVE-2015-0823 (use-after-free):\n\nUsing the Address Sanitizer tool, security researcher Atte Kettunen\nfound a problem with OpenType Sanitiser (OTS) that resulted in a\nuse-after-free while expanding macros in some circumstances. This\nuse-after-free was only used for information displayed in the developer\nconsole and was not exploitable.\n\n- CVE-2015-0824 (denial of service):\n\nSecurity researcher Atte Kettunen used the Address Sanitizer tool to\ndiscover a crash while drawing images through the Cairo graphics library\nwhile using the DrawTarget function. This can result in a segmentation\nfault due to zero-ing out of memory outside the bounds of the image.\n\n- CVE-2015-0825 (information leak):\n\nSecurity researcher Atte Kettunen used the Address Sanitizer tool to\ndiscover a buffer underflow during audio playback of a badly formatted\nMP3 audio file. Through memory allocation manipulation it may be\npossible to incorporate parts of Firefox memory into an MP3 stream\naccessible to scripts on the page.\n\n- CVE-2015-0826 (out-of-bounds read possibly leading to remote code\nexecution):\n\nSecurity researcher Atte Kettunen used the Address Sanitizer tool to\ndiscover an out-of-bounds read during the application of restyling and\nreflowing changes of web content using CSS. This results in a\npotentially exploitable crash.\n\n- CVE-2015-0827 (out-of-bounds read and write, possibly leading to\nremote code execution)\n\nSecurity researcher Abhishek Arya (Inferno) of the Google Chrome\nSecurity Team used the Address Sanitizer tool to report an out-of-bounds\nread and an out-of-bounds write when rendering an improperly formatted\nSVG graphic. 
This could potentially allow the attacker to read\nuninitialized memory.\n\n- CVE-2015-0829 (buffer overflow possibly leading to remote code execution)\n\nSecurity researcher Pantrombka reported a buffer overflow in the\nlibstagefright library during video playback when certain invalid MP4\nvideo files led to the allocation of a buffer that was too small for the\ncontent. This led to a potentially exploitable crash.\n\n- CVE-2015-0830 (denial of service)\n\nSecurity researcher Daniele Di Proietto discovered that when WebGL\ncontent crafted in a specific manner wrote strings, it would cause a\ncrash when this content was run.\n\n- CVE-2015-0831 (use-after-free, possibly leading to remote code execution)\n\nSecurity researcher Paul Bandha used the Address Sanitizer tool\nto discover a use-after-free vulnerability when running specific web\ncontent with IndexedDB to create an index. This leads to a potentially\nexploitable crash.\n\n- CVE-2015-0832 (HPKP and HSTS bypass):\n\nSecurity researcher Muneaki Nishimura reported that when certificate\npinning is set to "strict" mode, a period ('.') appended to a hostname\nin the address of a site allowed the bypass of key pinning (HPKP) and HTTP\nStrict Transport Security (HSTS). Sites with a period appended were\ntreated as having a different origin than sites without the period. If\nan attacker had a security certificate for a domain with the added\nperiod, this would allow for a Man-in-the-middle (MITM) attack on users.\n\n- CVE-2015-0834 (information leak):\n\nSecurity researcher Alexander Kolesnik reported while the Mozilla\nplatform does not yet support TLS connections to TURN and STUN servers,\nthe WebRTC implementation would accept turns: and stuns: URIs and then\nattempt plaintext connections to the servers when these were used. 
This\ncan lead to disclosure of credentials through a Man-in-the-middle (MITM)\nattack as the connection is not encrypted.\n\n- CVE-2015-0835, CVE-2015-0836 (remote code execution):\n\nMozilla developers and community identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.", "modified": "2015-02-25T00:00:00", "published": "2015-02-25T00:00:00", "id": "ASA-201502-14", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:49", "bulletinFamily": "software", "cvelist": ["CVE-2015-0827"], "description": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to report an out-of-bounds\nread and an out-of-bounds write when rendering an improperly formatted SVG\ngraphic. 
This could potentially allow the attacker to read uninitialized memory.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "edition": 1, "modified": "2015-02-24T00:00:00", "published": "2015-02-24T00:00:00", "id": "MFSA2015-19", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-19/", "type": "mozilla", "title": "Out-of-bounds read and write while rendering SVG content", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:36", "bulletinFamily": "software", "cvelist": ["CVE-2015-0822"], "edition": 1, "description": "Security researcher Armin Razmdjou reported that a user\nreadable file in a known local path could be uploaded to a malicious site. This\nwas done by manipulating the autocomplete feature in a form and user interaction\nwith it. While the local file is not visibly uploaded through the form, its\ncontents are made available through the Document Object Model (DOM) to script\ncontent on the attacking page, leading to information disclosure.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "modified": "2015-02-24T00:00:00", "published": "2015-02-24T00:00:00", "id": "MFSA2015-24", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-24/", "type": "mozilla", "title": "Reading of local files through manipulation of form autocomplete", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:41", "bulletinFamily": "software", "cvelist": ["CVE-2015-0831"], "edition": 1, "description": "Security researcher Paul Bandha used the Address\nSanitizer tool to discover a use-after-free vulnerability when running specific\nweb content 
with IndexedDB to create an index. This leads to a\npotentially exploitable crash.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "modified": "2015-02-24T00:00:00", "published": "2015-02-24T00:00:00", "id": "MFSA2015-16", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-16/", "type": "mozilla", "title": "Use-after-free in IndexedDB", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:56:03", "bulletinFamily": "info", "cvelist": ["CVE-2015-0824", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0825", "CVE-2015-0821", "CVE-2015-0828", "CVE-2015-0826", "CVE-2015-0819", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0823", "CVE-2015-0836", "CVE-2015-0829", "CVE-2015-0822", "CVE-2015-0830", "CVE-2015-0827", "CVE-2015-0820", "CVE-2015-0833"], "description": "### *Detect date*:\n02/24/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla products. 
Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information, execute arbitrary code, spoof user interface or read local files.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 36 \nMozilla Firefox ESR versions earlier than 31.5 \nMozilla Thunderbird versions earlier than 31.5\n\n### *Solution*:\nUpdate to latest version!\n\n### *Original advisories*:\n[MFSA 2015-11 \u2014 2015-27](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-0823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823>)7.5Critical \n[CVE-2015-0828](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828>)6.8High \n[CVE-2015-0834](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834>)4.3Warning \n[CVE-2015-0835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835>)7.5Critical \n[CVE-2015-0836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836>)7.5Critical \n[CVE-2015-0825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825>)4.3Warning \n[CVE-2015-0831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831>)6.8High \n[CVE-2015-0830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830>)5.0Critical \n[CVE-2015-0824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824>)5.0Critical \n[CVE-2015-0827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827>)4.3Warning \n[CVE-2015-0829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829>)6.8High \n[CVE-2015-0822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822>)4.3Warning \n[CVE-2015-0833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833>)6.9High \n[CVE-2015-0826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826>)6.8High 
\n[CVE-2015-0820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820>)2.6Warning \n[CVE-2015-0832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832>)5.0Critical \n[CVE-2015-0821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821>)6.8High \n[CVE-2015-0819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819>)4.3Warning", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2015-02-24T00:00:00", "id": "KLA10464", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10464", "title": "\r KLA10464Multiple vulnerabilities in Mozilla products ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:19", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0825", "CVE-2015-0821", "CVE-2015-0828", "CVE-2015-0826", "CVE-2015-0819", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0823", "CVE-2015-0836", "CVE-2015-0829", "CVE-2015-0822", "CVE-2015-0830", "CVE-2015-0827", "CVE-2015-0820", "CVE-2015-0833"], "description": "\nThe Mozilla Project reports:\n\nMFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0\n\t / rv:31.5)\nMFSA-2015-12 Invoking Mozilla updater will load locally\n\t stored DLL files\nMFSA-2015-13 Appended period to hostnames can bypass HPKP\n\t and HSTS protections\nMFSA-2015-14 Malicious WebGL content crash when writing\n\t strings\nMFSA-2015-15 TLS TURN and STUN connections silently fail\n\t to simple TCP connections\nMFSA-2015-16 Use-after-free in IndexedDB\nMFSA-2015-17 Buffer overflow in libstagefright during MP4\n\t video playback\nMFSA-2015-18 Double-free when using non-default memory\n\t allocators with a zero-length XHR\nMFSA-2015-19 Out-of-bounds read and write while rendering\n\t SVG content\nMFSA-2015-20 Buffer overflow during CSS restyling\nMFSA-2015-21 Buffer underflow during MP3 playback\nMFSA-2015-22 Crash using DrawTarget in Cairo graphics\n\t 
library\nMFSA-2015-23 Use-after-free in Developer Console date\n\t with OpenType Sanitiser\nMFSA-2015-24 Reading of local files through manipulation\n\t of form autocomplete\nMFSA-2015-25 Local files or privileged URLs in pages can\n\t be opened into new tabs\nMFSA-2015-26 UI Tour whitelisted sites in background tab\n\t can spoof foreground tabs\nMFSA-2015-27 Caja Compiler JavaScript sandbox bypass\n\n", "edition": 4, "modified": "2015-02-24T00:00:00", "published": "2015-02-24T00:00:00", "id": "99029172-8253-407D-9D8B-2CFEAB9ABF81", "href": "https://vuxml.freebsd.org/freebsd/99029172-8253-407d-9d8b-2cfeab9abf81.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-0824", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0825", "CVE-2015-0821", "CVE-2015-0828", "CVE-2015-0826", "CVE-2015-0819", "CVE-2015-0834", "CVE-2015-0818", "CVE-2015-0835", "CVE-2015-0817", "CVE-2015-0823", "CVE-2015-0836", "CVE-2015-0829", "CVE-2015-0822", "CVE-2015-0830", "CVE-2015-0827", "CVE-2015-0820", "CVE-2015-0833"], "description": "Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution.", "edition": 1, "modified": "2015-03-22T00:00:00", "published": "2015-03-22T00:00:00", "id": "SECURITYVULNS:VULN:14293", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14293", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2017-01-03T14:14:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2016-9893", "CVE-2015-0831", "CVE-2016-5266", "CVE-2016-5290", "CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5252", "CVE-2015-0832", "CVE-2016-5281", 
"CVE-2016-2816", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-5297", "CVE-2016-2827", "CVE-2015-0825", "CVE-2015-0821", "CVE-2016-2817", "CVE-2016-5250", "CVE-2016-2805", "CVE-2015-0828", "CVE-2016-5259", "CVE-2016-5274", "CVE-2016-9904", "CVE-2016-5261", "CVE-2016-5267", "CVE-2016-9064", "CVE-2016-5254", "CVE-2016-5284", "CVE-2016-2814", "CVE-2015-0826", "CVE-2016-5296", "CVE-2016-9899", "CVE-2016-5265", "CVE-2016-9079", "CVE-2016-5270", "CVE-2016-9898", "CVE-2014-8642", "CVE-2014-8637", "CVE-2016-5264", "CVE-2014-8636", "CVE-2016-2813", "CVE-2016-9902", "CVE-2015-0819", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5283", "CVE-2016-9074", "CVE-2016-5277", "CVE-2015-0834", "CVE-2016-2804", "CVE-2016-2809", "CVE-2016-9897", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-9066", "CVE-2014-8641", "CVE-2015-0835", "CVE-2016-9905", "CVE-2016-5258", "CVE-2016-9895", "CVE-2016-2810", "CVE-2016-9900", "CVE-2016-5293", "CVE-2016-5260", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-5268", "CVE-2016-5257", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-9901", "CVE-2016-2807", "CVE-2016-5272", "CVE-2014-8634", "CVE-2015-0823", "CVE-2016-5251", "CVE-2016-2806", "CVE-2016-5273", "CVE-2016-2837", "CVE-2015-0836", "CVE-2016-5276", "CVE-2016-2812", "CVE-2014-8639", "CVE-2015-0829", "CVE-2016-5262", "CVE-2015-0822", "CVE-2016-5253", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2016-5279", "CVE-2014-8635", "CVE-2014-8638", "CVE-2016-5255", "CVE-2016-5275", "CVE-2016-2830", "CVE-2016-5282", "CVE-2015-0820", "CVE-2016-2820", "CVE-2015-0833"], "edition": 1, "description": "### Background\n\nMozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). SeaMonkey is a free and open-source Internet suite. 
It is the continuation of the former Mozilla Application Suite, based on the same source code. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.6.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.6.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.6.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.6.0\"\n \n\nAll SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.38\"\n \n\nAll SeaMonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.38\"", "modified": "2017-01-03T00:00:00", "published": "2017-01-03T00:00:00", "href": "https://security.gentoo.org/glsa/201701-15", "id": "GLSA-201701-15", "type": "gentoo", "title": "Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", 
"CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", 
"CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. 
\n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "modified": "2015-04-08T00:00:00", "published": "2015-04-07T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}