{"openvas": [{"lastseen": "2017-07-24T12:57:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1313", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:111.", "modified": "2017-07-06T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:64134", "href": "http://plugins.openvas.org/nasl.php?oid=64134", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:111 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_111.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:111 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been discovered in previous\nversions, and corrected in the latest Mozilla Firefox 3.x, version\n3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,\nCVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,\nCVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,\nCVE-2009-1313)\n\nThis update provides the latest Mozilla Firefox 3.x to correct\nthese issues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nAffected: 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:111\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:111.\";\n\n \n\nif(description)\n{\n script_id(64134);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-0652\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\", \"CVE-2009-1313\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:111 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.21~3.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.21~3.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.0.1~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.0.1~3.8mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.5~4.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~4.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.21~3.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.21~3.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-blogrovr\", rpm:\"mozilla-firefox-ext-blogrovr~1.1.779~5.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-foxmarks\", rpm:\"mozilla-firefox-ext-foxmarks~2.1.0.12~2.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-firefox-ext-scribefire\", rpm:\"mozilla-firefox-ext-scribefire~2.3.1~2.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.8~13.10mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.21~3.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.21~3.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.1~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.798~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-foxmarks\", rpm:\"firefox-ext-foxmarks~2.7.2~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~0.9.6~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.7.2~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.2.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-theme-kde4ff\", rpm:\"firefox-theme-kde4ff~0.14~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"google-gadgets-xul\", rpm:\"google-gadgets-xul~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.7~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.7~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner1.9\", rpm:\"libxulrunner1.9~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxulrunner-unstable-devel\", rpm:\"libxulrunner-unstable-devel~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.7~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.7~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom\", rpm:\"python-xpcom~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.26.0~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.10.5~8.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.7~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.7~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner1.9\", rpm:\"lib64xulrunner1.9~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xulrunner-unstable-devel\", rpm:\"lib64xulrunner-unstable-devel~1.9.0.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1313", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:111-1.", "modified": "2017-07-06T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:63983", "href": "http://plugins.openvas.org/nasl.php?oid=63983", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:111-1 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_111_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:111-1 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been discovered in previous\nversions, and corrected in the latest Mozilla Firefox 3.x, version\n3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,\nCVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,\nCVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,\nCVE-2009-1313)\n\nThis update provides the latest Mozilla Firefox 3.x to correct\nthese issues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate:\n\nThe recent Mozilla Firefox update missed the Firefox language packs\nfor Mandriva Linux 2009. This update provides them, fixing the issue.\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:111-1\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:111-1.\";\n\n \n\nif(description)\n{\n script_id(63983);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-0652\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\", \"CVE-2009-1313\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:111-1 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1313", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:111-1.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:136141256231063983", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063983", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:111-1 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_111_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:111-1 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been discovered in previous\nversions, and corrected in the latest Mozilla Firefox 3.x, version\n3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,\nCVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,\nCVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,\nCVE-2009-1313)\n\nThis update provides the latest Mozilla Firefox 3.x to correct\nthese issues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate:\n\nThe recent Mozilla Firefox update missed the Firefox language packs\nfor Mandriva Linux 2009. This update provides them, fixing the issue.\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:111-1\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory MDVSA-2009:111-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63983\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-0652\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\", \"CVE-2009-1313\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:111-1 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ka\", rpm:\"firefox-ka~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ku\", rpm:\"firefox-ku~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mn\", rpm:\"firefox-mn~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-oc\", rpm:\"firefox-oc~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sr\", rpm:\"firefox-sr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.0.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0436.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was processed. A\nweb page containing malicious content could execute arbitrary JavaScript in\nthe context of the site, possibly presenting misleading data to a user, or\nstealing sensitive information such as login credentials. (CVE-2009-0652,\nCVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,\nCVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST data,\nthe POST data could be revealed to the inner frame, possibly surrendering\nsensitive information such as login credentials. (CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.9. You can find a link to the Mozilla advisories\nin the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.9, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:63866", "href": "http://plugins.openvas.org/nasl.php?oid=63866", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0436", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0436.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0436 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0436.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was processed. A\nweb page containing malicious content could execute arbitrary JavaScript in\nthe context of the site, possibly presenting misleading data to a user, or\nstealing sensitive information such as login credentials. (CVE-2009-0652,\nCVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,\nCVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST data,\nthe POST data could be revealed to the inner frame, possibly surrendering\nsensitive information such as login credentials. (CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.9. You can find a link to the Mozilla advisories\nin the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.9, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63866);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0436\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0436.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.9\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~1.9.0.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing updates to firefox announced in\nadvisory CESA-2009:0436.", "modified": "2018-04-06T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:136141256231063904", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063904", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0436 (firefox)", "sourceData": "#CESA-2009:0436 63904 4\n# $Id: ovcesa2009_0436.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0436 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0436\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0436\nhttps://rhn.redhat.com/errata/RHSA-2009-0436.html\";\ntag_summary = \"The remote host is missing updates to firefox announced in\nadvisory CESA-2009:0436.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63904\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0436 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-3875.", "modified": "2018-04-06T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:136141256231063882", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063882", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3875 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3875.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3875 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.9\nChangeLog:\n\n* Tue Apr 21 2009 Christopher Aillon - 3.0.9-1\n- Update to 3.0.9\n* Fri Mar 27 2009 Christopher Aillon - 3.0.8-1\n- Update to 3.0.8\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update firefox' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3875\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-3875.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63882\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-0652\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-3875 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496252\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496253\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496255\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496256\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=486704\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496262\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496263\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496266\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496267\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496270\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496271\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496274\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.9~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-3875.", "modified": "2017-07-10T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:63882", "href": "http://plugins.openvas.org/nasl.php?oid=63882", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3875 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3875.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3875 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.9\nChangeLog:\n\n* Tue Apr 21 2009 Christopher Aillon - 3.0.9-1\n- Update to 3.0.9\n* Fri Mar 27 2009 Christopher Aillon - 3.0.8-1\n- Update to 3.0.8\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update firefox' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3875\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-3875.\";\n\n\n\nif(description)\n{\n script_id(63882);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-0652\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-3875 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496252\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496253\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496255\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496256\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=486704\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496262\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496263\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496266\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496267\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496270\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496271\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496274\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.9~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880667", "href": "http://plugins.openvas.org/nasl.php?oid=880667", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:0436 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:0436 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n \n Several flaws were found in the way malformed web content was processed. A\n web page containing malicious content could execute arbitrary JavaScript in\n the context of the site, possibly presenting misleading data to a user, or\n stealing sensitive information such as login credentials. (CVE-2009-0652,\n CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,\n CVE-2009-1312)\n \n A flaw was found in the way Firefox saved certain web pages to a local\n file. If a user saved the inner frame of a web page containing POST data,\n the POST data could be revealed to the inner frame, possibly surrendering\n sensitive information such as login credentials. (CVE-2009-1311)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories\n in the References section of this errata.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.9, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015824.html\");\n script_id(880667);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0436\");\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\",\n \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\",\n \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_name(\"CentOS Update for firefox CESA-2009:0436 centos5 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.9~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.9~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.9~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing an update to epiphany\nannounced via advisory FEDORA-2009-3893.", "modified": "2018-04-06T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:136141256231063883", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063883", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3893 (epiphany)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3893.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3893 (epiphany)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.9\nChangeLog:\n\n* Tue Apr 21 2009 Christopher Aillon - 2.24.3-5\n- Rebuild against newer gecko\n* Fri Mar 27 2009 Christopher Aillon - 2.24.3-4\n- Rebuild against newer gecko\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update epiphany' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3893\";\ntag_summary = \"The remote host is missing an update to epiphany\nannounced via advisory FEDORA-2009-3893.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63883\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-0652\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-3893 (epiphany)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496252\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496253\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496255\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496256\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=486704\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496262\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496263\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496266\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496267\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496270\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496271\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496274\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.3~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.3~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"epiphany-debuginfo\", rpm:\"epiphany-debuginfo~2.24.3~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880947", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880947", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:0436 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:0436 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015833.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880947\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0436\");\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\",\n \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\",\n \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_name(\"CentOS Update for firefox CESA-2009:0436 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 4\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\n Several flaws were found in the way malformed web content was processed. A\n web page containing malicious content could execute arbitrary JavaScript in\n the context of the site, possibly presenting misleading data to a user, or\n stealing sensitive information such as login credentials. (CVE-2009-0652,\n CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,\n CVE-2009-1312)\n\n A flaw was found in the way Firefox saved certain web pages to a local\n file. If a user saved the inner frame of a web page containing POST data,\n the POST data could be revealed to the inner frame, possibly surrendering\n sensitive information such as login credentials. (CVE-2009-1311)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories\n in the References section of this errata.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.9, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.9~1.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T11:52:07", "description": "Security vulnerabilities have been discovered in previous versions,\nand corrected in the latest Mozilla Firefox 3.x, version 3.0.10.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,\nCVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,\nCVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,\nCVE-2009-1313)\n\nThis update provides the latest Mozilla Firefox 3.x to correct these\nissues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate :\n\nThe recent Mozilla Firefox update missed the Firefox language packs\nfor Mandriva Linux 2009. This update provides them, fixing the issue.", "edition": 28, "published": "2009-05-13T00:00:00", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2009:111-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1313", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2009-05-13T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:firefox-mn", "p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:firefox-oc", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-el", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:firefox-ku", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:firefox-bn", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-ka", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:firefox-te", "p-cpe:/a:mandriva:linux:firefox-eo", "p-cpe:/a:mandriva:linux:firefox-mk", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-sr", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:firefox-he"], "id": "MANDRIVA_MDVSA-2009-111.NASL", "href": "https://www.tenable.com/plugins/nessus/38853", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:111. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38853);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\", \"CVE-2009-1313\");\n script_bugtraq_id(34743);\n script_xref(name:\"MDVSA\", value:\"2009:111-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : firefox (MDVSA-2009:111-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security vulnerabilities have been discovered in previous versions,\nand corrected in the latest Mozilla Firefox 3.x, version 3.0.10.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,\nCVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,\nCVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,\nCVE-2009-1313)\n\nThis update provides the latest Mozilla Firefox 3.x to correct these\nissues.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate :\n\nThe recent Mozilla Firefox update missed the Firefox language packs\nfor Mandriva Linux 2009. This update provides them, fixing the issue.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/#firefox3.0.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7bda8da0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-af-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ar-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-be-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bg-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bn-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ca-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cs-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cy-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-da-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-de-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-el-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-en_GB-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eo-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_AR-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_ES-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-et-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eu-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fi-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fr-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fy-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ga_IE-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gl-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gu_IN-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-he-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hi-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hu-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-id-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-is-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-it-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ja-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ka-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-kn-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ko-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ku-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lt-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lv-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mk-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mn-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mr-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nb_NO-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nl-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nn_NO-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-oc-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pa_IN-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pl-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_BR-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_PT-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ro-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ru-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-si-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sk-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sl-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sq-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sr-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sv_SE-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-te-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-th-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-tr-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-uk-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_CN-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_TW-3.0.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:09:15", "description": "Firefox version upgrade to 3.0.9 to fix various security bugs.\n(CVE-2009-1302 / CVE-2009-1303 / CVE-2009-1304 / CVE-2009-1305 /\nCVE-2009-1306 / CVE-2009-1307 / CVE-2009-1308 / CVE-2009-1309 /\nCVE-2009-1310 / CVE-2009-1311 / CVE-2009-1312 / CVE-2009-0652)", "edition": 25, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 835)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox"], "id": "SUSE_11_MOZILLAFIREFOX-090427.NASL", "href": "https://www.tenable.com/plugins/nessus/41354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41354);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n\n script_name(english:\"SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 835)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Firefox version upgrade to 3.0.9 to fix various security bugs.\n(CVE-2009-1302 / CVE-2009-1303 / CVE-2009-1304 / CVE-2009-1305 /\nCVE-2009-1306 / CVE-2009-1307 / CVE-2009-1308 / CVE-2009-1309 /\nCVE-2009-1310 / CVE-2009-1311 / CVE-2009-1312 / CVE-2009-0652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=495473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0652.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1302.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1303.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1304.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1305.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1307.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1308.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1309.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1311.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1312.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 835.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-3.0.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"MozillaFirefox-translations-3.0.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-3.0.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-3.0.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-3.0.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"MozillaFirefox-translations-3.0.9-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:25:36", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.9. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.9, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : firefox (CESA-2009:0436)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner-devel-unstable", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0436.NASL", "href": "https://www.tenable.com/plugins/nessus/43743", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0436 and \n# CentOS Errata and Security Advisory 2009:0436 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43743);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_xref(name:\"RHSA\", value:\"2009:0436\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2009:0436)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.9. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.9, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015824.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22afbd9f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015825.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be42728a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015833.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6867de30\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a21a8a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.0.9-1.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.0.9-1.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.0.9-1.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.0.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.0.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-unstable-1.9.0.9-1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:12", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090421_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60572", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60572);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=2856\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5a655e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.0.9-1.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.0.9-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.0.9-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.0.9-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-unstable-1.9.0.9-1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:32", "description": "Several flaws were discovered in the browser engine. If a user were\ntricked into viewing a malicious website, a remote attacker could\ncause a denial of service or possibly execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2009-1302,\nCVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nIt was discovered that Firefox displayed certain Unicode characters\nwhich could be visually confused with punctuation in valid web\naddresses in the location bar. An attacker could exploit this to spoof\nthe location bar, such as in a phishing attack. (CVE-2009-0652)\n\nSeveral flaws were discovered in the way Firefox processed malformed\nURI schemes. If a user were tricked into viewing a malicious website,\na remote attacker could execute arbitrary JavaScript or steal private\ndata. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310,\nCVE-2009-1312)\n\nCefn Hoile discovered Firefox did not adequately protect against\nembedded third-party stylesheets. An attacker could exploit this to\nperform script injection attacks using XBL bindings. (CVE-2009-1308)\n\nPaolo Amadini discovered that Firefox would submit POST data when\nreloading an inner frame of a web page. If a user were tricked into\nviewing a malicious website, a remote attacker could steal private\ndata. (CVE-2009-1311).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2009-04-23T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-764-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abrowser", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"], "id": "UBUNTU_USN-764-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36228", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-764-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36228);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_xref(name:\"USN\", value:\"764-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-764-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were discovered in the browser engine. If a user were\ntricked into viewing a malicious website, a remote attacker could\ncause a denial of service or possibly execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2009-1302,\nCVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nIt was discovered that Firefox displayed certain Unicode characters\nwhich could be visually confused with punctuation in valid web\naddresses in the location bar. An attacker could exploit this to spoof\nthe location bar, such as in a phishing attack. (CVE-2009-0652)\n\nSeveral flaws were discovered in the way Firefox processed malformed\nURI schemes. If a user were tricked into viewing a malicious website,\na remote attacker could execute arbitrary JavaScript or steal private\ndata. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310,\nCVE-2009-1312)\n\nCefn Hoile discovered Firefox did not adequately protect against\nembedded third-party stylesheets. An attacker could exploit this to\nperform script injection attacks using XBL bindings. (CVE-2009-1308)\n\nPaolo Amadini discovered that Firefox would submit POST data when\nreloading an inner frame of a web page. If a user were tricked into\nviewing a malicious website, a remote attacker could steal private\ndata. (CVE-2009-1311).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/764-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-libthai\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-libthai\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.0.9+nobinonly-0ubuntu0.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0-branding / firefox / firefox-3.0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:49:12", "description": "The installed version of Firefox is earlier than 3.0.9. Such versions\nare potentially affected by the following security issues :\n\n - Multiple remote memory corruption vulnerabilities exist\n that can be exploited to execute arbitrary code in the\n context of the user running the affected application.\n (MFSA 2009-14)\n\n - A flaw may exist where Unicode box drawing characters\n are allowed in Internationalized Domain Names where they\n could be visually confused with punctuation used in\n valid web addresses. An attacker can leverage this to\n launch a phishing-type scam against a victim. \n (MFSA 2009-15)\n\n - A vulnerability exists when the 'jar:' scheme is used to\n wrap a URI which serves the content with\n 'Content-Disposition: attachment'. An attacker can\n leverage this to subvert sites that use this mechanism\n to mitigate content injection attacks. (MFSA 2009-16)\n \n - When an Adobe Flash file is loaded via the\n 'view-source:' scheme, the Flash plugin misinterprets\n the origin of the content as localhost. An attacker can\n leverage this to launch cross-site request forgery\n attacks. It is also possible to exploit this to place\n cookie-like objects on victim's computers.\n (MFSA 2009-17)\n\n - A vulnerability exists that allows attackers to inject\n arbitrary scripts into sites via XBL bindings. This\n vulnerability requires the attacker to have the ability\n to embed third-party stylesheets into the site. \n (MFSA 2009-18)\n\n - Multiple remote code execution vulnerabilities exist\n caused by the creation of documents whose URI does not\n match the document's principle using XMLHttpRequest, as\n well as a flaw in the 'XPCNativeWrapper.ToString'\n '__proto__' coming from the wrong scope. (MFSA 2009-19)\n\n - A malicious MozSearch plugin could be created using a\n javascript: URI in the SearchForm value. An attacker can\n leverage this in order to inject code into arbitrary\n sites. (MFSA 2009-20)\n\n - An information disclosure vulnerability exists when\n saving the inner frame of a web page as a file when the\n outer page has POST data associated with it. \n (MFSA 2009-21)\n\n - A cross-site scripting vulnerability exists when\n handling a Refresh header containing a javascript: URI.\n (MFSA 2009-22)", "edition": 29, "published": "2009-04-22T00:00:00", "title": "Firefox < 3.0.9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_309.NASL", "href": "https://www.tenable.com/plugins/nessus/36215", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36215);\n script_version(\"1.20\");\n\n script_cve_id(\n \"CVE-2009-0652\", \n \"CVE-2009-1302\", \n \"CVE-2009-1303\", \n \"CVE-2009-1304\", \n \"CVE-2009-1305\",\n \"CVE-2009-1306\", \n \"CVE-2009-1307\", \n \"CVE-2009-1308\", \n \"CVE-2009-1309\", \n \"CVE-2009-1310\",\n \"CVE-2009-1311\", \n \"CVE-2009-1312\"\n );\n script_bugtraq_id(33837, 34656);\n\n script_name(english:\"Firefox < 3.0.9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 3.0.9. Such versions\nare potentially affected by the following security issues :\n\n - Multiple remote memory corruption vulnerabilities exist\n that can be exploited to execute arbitrary code in the\n context of the user running the affected application.\n (MFSA 2009-14)\n\n - A flaw may exist where Unicode box drawing characters\n are allowed in Internationalized Domain Names where they\n could be visually confused with punctuation used in\n valid web addresses. An attacker can leverage this to\n launch a phishing-type scam against a victim. \n (MFSA 2009-15)\n\n - A vulnerability exists when the 'jar:' scheme is used to\n wrap a URI which serves the content with\n 'Content-Disposition: attachment'. An attacker can\n leverage this to subvert sites that use this mechanism\n to mitigate content injection attacks. (MFSA 2009-16)\n \n - When an Adobe Flash file is loaded via the\n 'view-source:' scheme, the Flash plugin misinterprets\n the origin of the content as localhost. An attacker can\n leverage this to launch cross-site request forgery\n attacks. It is also possible to exploit this to place\n cookie-like objects on victim's computers.\n (MFSA 2009-17)\n\n - A vulnerability exists that allows attackers to inject\n arbitrary scripts into sites via XBL bindings. This\n vulnerability requires the attacker to have the ability\n to embed third-party stylesheets into the site. \n (MFSA 2009-18)\n\n - Multiple remote code execution vulnerabilities exist\n caused by the creation of documents whose URI does not\n match the document's principle using XMLHttpRequest, as\n well as a flaw in the 'XPCNativeWrapper.ToString'\n '__proto__' coming from the wrong scope. (MFSA 2009-19)\n\n - A malicious MozSearch plugin could be created using a\n javascript: URI in the SearchForm value. An attacker can\n leverage this in order to inject code into arbitrary\n sites. (MFSA 2009-20)\n\n - An information disclosure vulnerability exists when\n saving the inner frame of a web page as a file when the\n outer page has POST data associated with it. \n (MFSA 2009-21)\n\n - A cross-site scripting vulnerability exists when\n handling a Refresh header containing a javascript: URI.\n (MFSA 2009-22)\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-15/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-16/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-17/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-18/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-19/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-20/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-21/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-22/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 3.0.9 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/04/21\");\n script_cvs_date(\"Date: 2018/07/17 12:00:07\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.0.9', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:15", "description": "http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.9\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2009-04-23T00:00:00", "title": "Fedora 9 : Miro-2.0.3-3.fc9 / blam-1.8.5-8.fc9.1 / chmsee-1.0.1-11.fc9 / devhelp-0.19.1-11.fc9 / etc (2009-3875)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:google-gadgets", "p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:chmsee", "p-cpe:/a:fedoraproject:fedora:totem", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:evolution-rss", "cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:mugshot", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:mozvoikko", "p-cpe:/a:fedoraproject:fedora:gtkmozembedmm", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2009-3875.NASL", "href": "https://www.tenable.com/plugins/nessus/37309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3875.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37309);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_xref(name:\"FEDORA\", value:\"2009-3875\");\n\n script_name(english:\"Fedora 9 : Miro-2.0.3-3.fc9 / blam-1.8.5-8.fc9.1 / chmsee-1.0.1-11.fc9 / devhelp-0.19.1-11.fc9 / etc (2009-3875)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.9\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=486704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496274\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022628.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9aa2b83d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022629.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6aaaa992\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022630.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57ba0cab\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c452f848\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022632.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed2bc550\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022633.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de5ae17b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022634.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9160c89c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022635.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a5e1487\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022636.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c51bc107\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022637.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5294cc4d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022638.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76e1bd03\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022639.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?746611a6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce5dd47a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022641.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59a05df6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee681e20\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022643.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1979407f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022644.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30f035ab\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20bd9531\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022646.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2e57fc3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95acaffc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution-rss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"Miro-2.0.3-3.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"blam-1.8.5-8.fc9.1\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"chmsee-1.0.1-11.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"devhelp-0.19.1-11.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-2.22.2-10.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"epiphany-extensions-2.22.1-10.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"evolution-rss-0.1.0-10.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"firefox-3.0.9-1.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"galeon-2.0.7-9.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-python2-extras-2.19.1-26.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gnome-web-photo-0.3-20.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"google-gadgets-0.10.5-5.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"gtkmozembedmm-1.4.2.cvs20060817-28.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"kazehakase-0.5.6-4.fc9.1\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mozvoikko-0.9.5-9.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"mugshot-1.2.2-8.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"ruby-gnome2-0.17.0-8.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"totem-2.23.2-14.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"xulrunner-1.9.0.9-1.fc9\")) flag++;\nif (rpm_check(release:\"FC9\", reference:\"yelp-2.22.1-11.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / chmsee / devhelp / epiphany / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:06:37", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.9. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.9, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 28, "published": "2009-04-22T00:00:00", "title": "RHEL 4 / 5 : firefox (RHSA-2009:0436)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2009-04-22T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2009-0436.NASL", "href": "https://www.tenable.com/plugins/nessus/36213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0436. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36213);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_xref(name:\"RHSA\", value:\"2009:0436\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2009:0436)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.9. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.9, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1312\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7d74da4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0436\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0436\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.0.9-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.0.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.0.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.0.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xulrunner-devel-unstable-1.9.0.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xulrunner-devel-unstable-1.9.0.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xulrunner-devel-unstable-1.9.0.9-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:16", "description": "http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.9\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2009-04-27T00:00:00", "title": "Fedora 10 : Miro-2.0.3-3.fc10 / blam-1.8.5-9.fc10 / devhelp-0.22-7.fc10 / epiphany-2.24.3-5.fc10 / etc (2009-3893)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2009-04-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:google-gadgets", "p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:gecko-sharp2", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:mugshot", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:devhelp", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:mozvoikko", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2009-3893.NASL", "href": "https://www.tenable.com/plugins/nessus/38160", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3893.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38160);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_xref(name:\"FEDORA\", value:\"2009-3893\");\n\n script_name(english:\"Fedora 10 : Miro-2.0.3-3.fc10 / blam-1.8.5-9.fc10 / devhelp-0.22-7.fc10 / epiphany-2.24.3-5.fc10 / etc (2009-3893)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://www.mozilla.org/security/known-\nvulnerabilities/firefox30.html#firefox3.0.9\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=486704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496274\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dccb9213\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1da9ac9b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022671.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51fe0944\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022672.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f985006\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022673.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a89ae252\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2adbb8c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac33e9d8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022676.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?678d1f11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022677.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7843c11a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022678.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a62512b4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022679.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec92897c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022680.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?03464481\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022681.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44c2b183\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022682.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4d6567f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022683.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?731f7011\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022684.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32adc53e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022685.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4fb13176\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022686.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?897d9064\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022687.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1989b08b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gecko-sharp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"Miro-2.0.3-3.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"blam-1.8.5-9.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"devhelp-0.22-7.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-2.24.3-5.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-extensions-2.24.0-7.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"firefox-3.0.9-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"galeon-2.0.7-9.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gecko-sharp2-0.13-7.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-python2-extras-2.19.1-29.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-web-photo-0.3-17.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"google-gadgets-0.10.5-5.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"kazehakase-0.5.6-4.fc10.1\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mozvoikko-0.9.5-9.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mugshot-1.2.2-8.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"pcmanx-gtk2-0.3.8-8.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"perl-Gtk2-MozEmbed-0.08-5.fc10.2\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"ruby-gnome2-0.18.1-5.fc10.1\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"xulrunner-1.9.0.9-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"yelp-2.24.0-8.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / devhelp / epiphany / epiphany-extensions / firefox / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:44:26", "description": "From Red Hat Security Advisory 2009:0436 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.9. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.9, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : firefox (ELSA-2009-0436)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:xulrunner-devel-unstable", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2009-0436.NASL", "href": "https://www.tenable.com/plugins/nessus/67847", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0436 and \n# Oracle Linux Security Advisory ELSA-2009-0436 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67847);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0652\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\");\n script_xref(name:\"RHSA\", value:\"2009:0436\");\n\n script_name(english:\"Oracle Linux 4 / 5 : firefox (ELSA-2009-0436)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0436 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was\nprocessed. A web page containing malicious content could execute\narbitrary JavaScript in the context of the site, possibly presenting\nmisleading data to a user, or stealing sensitive information such as\nlogin credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307,\nCVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST\ndata, the POST data could be revealed to the inner frame, possibly\nsurrendering sensitive information such as login credentials.\n(CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.9. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.9, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000981.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000983.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.0.9-1.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.0.9-1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.0.9-1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.0.9-1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-unstable-1.9.0.9-1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1313", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "Memory corruption, same policy origin violation, crossite scripting.", "edition": 1, "modified": "2009-04-28T00:00:00", "published": "2009-04-28T00:00:00", "id": "SECURITYVULNS:VULN:9869", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9869", "title": "Mozilla Firefox / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:42:07", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "Several flaws were discovered in the browser engine. If a user were tricked \ninto viewing a malicious website, a remote attacker could cause a denial of \nservice or possibly execute arbitrary code with the privileges of the user \ninvoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, \nCVE-2009-1305)\n\nIt was discovered that Firefox displayed certain Unicode characters which \ncould be visually confused with punctuation in valid web addresses in the \nlocation bar. An attacker could exploit this to spoof the location bar, \nsuch as in a phishing attack. (CVE-2009-0652)\n\nSeveral flaws were discovered in the way Firefox processed malformed URI \nschemes. If a user were tricked into viewing a malicious website, a remote \nattacker could execute arbitrary JavaScript or steal private data. \n(CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)\n\nCefn Hoile discovered Firefox did not adequately protect against embedded \nthird-party stylesheets. An attacker could exploit this to perform script \ninjection attacks using XBL bindings. (CVE-2009-1308)\n\nPaolo Amadini discovered that Firefox would submit POST data when reloading \nan inner frame of a web page. If a user were tricked into viewing a \nmalicious website, a remote attacker could steal private data. \n(CVE-2009-1311)", "edition": 5, "modified": "2009-04-23T00:00:00", "published": "2009-04-23T00:00:00", "id": "USN-764-1", "href": "https://ubuntu.com/security/notices/USN-764-1", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was processed. A\nweb page containing malicious content could execute arbitrary JavaScript in\nthe context of the site, possibly presenting misleading data to a user, or\nstealing sensitive information such as login credentials. (CVE-2009-0652,\nCVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,\nCVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST data,\nthe POST data could be revealed to the inner frame, possibly surrendering\nsensitive information such as login credentials. (CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.9. You can find a link to the Mozilla advisories\nin the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.9, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "modified": "2017-09-08T11:48:52", "published": "2009-04-21T04:00:00", "id": "RHSA-2009:0436", "href": "https://access.redhat.com/errata/RHSA-2009:0436", "type": "redhat", "title": "(RHSA-2009:0436) Critical: firefox security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:05", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "firefox:\n[3.0.9-1.0.1.el5]\n- Update firstrun and homepage URLs\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n and removed the corresponding Red Hat ones\n- Added patch oracle-firefox-branding.patch\n[3.0.9-1]\n- Update to Firefox 3.0.9\n- Gnome crash dialog disabled (#493455) \nxulrunner:\n[1.9.0.9-1.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one\n[1.9.0.9-1]\n- Update to 1.9.0.9 ", "edition": 4, "modified": "2009-04-22T00:00:00", "published": "2009-04-22T00:00:00", "id": "ELSA-2009-0436", "href": "http://linux.oracle.com/errata/ELSA-2009-0436.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool. ", "modified": "2009-04-24T19:52:12", "published": "2009-04-24T19:52:12", "id": "FEDORA:39FF110F899", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: yelp-2.24.0-8.fc10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "An API document browser for GNOME 2. ", "modified": "2009-04-24T19:52:12", "published": "2009-04-24T19:52:12", "id": "FEDORA:F2F4C10F88C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: devhelp-0.22-7.fc10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "XULRunner provides the XUL Runtime environment for Gecko applications. ", "modified": "2009-04-22T20:27:04", "published": "2009-04-22T20:27:04", "id": "FEDORA:74C0110F878", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: xulrunner-1.9.0.9-1.fc9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "An API document browser for GNOME 2. ", "modified": "2009-04-22T20:27:04", "published": "2009-04-22T20:27:04", "id": "FEDORA:B641F10F88B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: devhelp-0.19.1-11.fc9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2009-04-24T19:52:12", "published": "2009-04-24T19:52:12", "id": "FEDORA:2CA0810F896", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: perl-Gtk2-MozEmbed-0.08-5.fc10.2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. ", "modified": "2009-04-24T19:52:12", "published": "2009-04-24T19:52:12", "id": "FEDORA:13DA910F893", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: Miro-2.0.3-3.fc10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2009-04-24T19:52:12", "published": "2009-04-24T19:52:12", "id": "FEDORA:CDF0D10F886", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: firefox-3.0.9-1.fc10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "This is an evolution plugin which enables evolution to read rss feeds. ", "modified": "2009-04-22T20:27:04", "published": "2009-04-22T20:27:04", "id": "FEDORA:BCF4110F88C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: evolution-rss-0.1.0-10.fc9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "Epiphany is a simple GNOME web browser based on the Mozilla rendering engine. ", "modified": "2009-04-24T19:52:12", "published": "2009-04-24T19:52:12", "id": "FEDORA:EC9D110F88B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: epiphany-2.24.3-5.fc10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"], "description": "Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser. ", "modified": "2009-04-22T20:27:04", "published": "2009-04-22T20:27:04", "id": "FEDORA:9CC8A10F885", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: epiphany-extensions-2.22.1-10.fc9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-07-17T03:30:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0436\n\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)\n\nSeveral flaws were found in the way malformed web content was processed. A\nweb page containing malicious content could execute arbitrary JavaScript in\nthe context of the site, possibly presenting misleading data to a user, or\nstealing sensitive information such as login credentials. (CVE-2009-0652,\nCVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,\nCVE-2009-1312)\n\nA flaw was found in the way Firefox saved certain web pages to a local\nfile. If a user saved the inner frame of a web page containing POST data,\nthe POST data could be revealed to the inner frame, possibly surrendering\nsensitive information such as login credentials. (CVE-2009-1311)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.9. You can find a link to the Mozilla advisories\nin the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.9, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027862.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027863.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027871.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027872.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0436.html", "edition": 5, "modified": "2009-04-28T22:08:32", "published": "2009-04-23T11:19:15", "href": "http://lists.centos.org/pipermail/centos-announce/2009-April/027862.html", "id": "CESA-2009:0436", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1310", "CVE-2009-1303"], "description": "\nMozilla Foundation reports:\n\nMFSA 2009-22: Firefox allows Refresh header to redirect to\n\t javascript: URIs\nMFSA 2009-21: POST data sent to wrong site when saving web page\n\t with embedded frame\nMFSA 2009-20: Malicious search plugins can inject code into\n\t arbitrary sites\nMFSA 2009-19: Same-origin violations in XMLHttpRequest and\n\t XPCNativeWrapper.toString\nMFSA 2009-18: XSS hazard using third-party stylesheets and XBL\n\t bindings\nMFSA 2009-17: Same-origin violations when Adobe Flash loaded via\n\t view-source: scheme\nMFSA 2009-16: jar: scheme ignores the content-disposition: header\n\t on the inner URI\nMFSA 2009-15: URL spoofing with box drawing character\nMFSA 2009-14 Crashes with evidence of memory corruption\n\t (rv:1.9.0.9)\n\n", "edition": 4, "modified": "2009-12-12T00:00:00", "published": "2009-04-21T00:00:00", "id": "3B18E237-2F15-11DE-9672-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/3b18e237-2f15-11de-9672-0030843d3802.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:21:39", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1305", "CVE-2009-1312", "CVE-2009-1304", "CVE-2009-1311", "CVE-2009-0652", "CVE-2009-1309", "CVE-2009-1308", "CVE-2009-1306", "CVE-2009-1302", "CVE-2009-1307", "CVE-2009-1303"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1797-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 09, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a \nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-0652\n\n Moxie Marlinspike discovered that Unicode box drawing characters inside of\n internationalised domain names could be used for phishing attacks.\n\nCVE-2009-1302\n\n Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman\n and Gary Kwong reported crashes in the in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2009-1303\n\n Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman\n and Gary Kwong reported crashes in the in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2009-1304\n\n Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,\n which might allow the execution of arbitrary code.\n\nCVE-2009-1305\n\n Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,\n which might allow the execution of arbitrary code.\n\nCVE-2009-1306\n\n Daniel Veditz discovered that the Content-Disposition: header is ignored\n within the jar: URI scheme.\n\nCVE-2009-1307\n\n Gregory Fleischer discovered that the same-origin policy for Flash files\n is inproperly enforced for files loaded through the view-source scheme,\n which may result in bypass of cross-domain policy restrictions.\n\nCVE-2009-1308\n\n Cefn Hoile discovered that sites, which allow the embedding of third-party\n stylesheets are vulnerable to cross-site scripting attacks through XBL\n bindings.\n\nCVE-2009-1309\n\n "moz_bug_r_a4" discovered bypasses of the same-origin policy in the\n XMLHttpRequest Javascript API and the XPCNativeWrapper.\n\nCVE-2009-1311\n\n Paolo Amadini discovered that incorrect handling of POST data when\n saving a web site with an embedded frame may lead to information disclosure.\n\nCVE-2009-1312\n\n It was discovered that Iceweasel allows Refresh: headers to redirect\n to Javascript URIs, resulting in cross-site scripting.\n\nFor the stable distribution (lenny), these problems have been fixed\nin version 1.9.0.9-0lenny2.\n\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.9-1.\n\nWe recommend that you upgrade your xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.9-0lenny2.diff.gz\n Size/MD5 checksum: 117026 d09669d48cd57ec9457f027e1cbb6513\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.9.orig.tar.gz\n Size/MD5 checksum: 43676083 2d15d3f226cf0fc7210eb112cdbd2869\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.9-0lenny2.dsc\n Size/MD5 checksum: 1785 4dfb97c89b31cc0395fe3e07ace099ad\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.9-0lenny2_all.deb\n Size/MD5 checksum: 1483776 a42bf756251f9e3e206ede146db8f956\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 111514 f9b3e0f98e2d20a0b809d21f8cf972e8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 51060838 f7811d5fce5d7a9d9543be65a03cec4b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 220742 2c1ed1e0ca8e9ca72875c69455559b26\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 9481232 2a10dd4c6875e7c8271fef8ba99dcedb\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 428902 03eeed45c2d4ed5197af04aa56a0e7c3\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 3648686 e8dcddf93a00cde658b9098048d77261\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 163408 fea42d292bf78fe08f73d98b2d9e178a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 933068 ee853413c63b6fe073c58e2701bc00ab\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_alpha.deb\n Size/MD5 checksum: 71174 53af8db13e823906067c8385b32b2dcc\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 7727524 36d598c003dcb0b8e4c17f360b0681a3\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 887532 cccbd9c7cf928cdbf524349874143a70\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 151242 0075b6dc5736b7ffb43161a20cd569e9\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 371988 bb3c915099c05bc4ea9f0e9c0f5dcf4c\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 68952 92c0e7c9a369e29c2eaa10c508e9ef00\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 50280932 6b6a63494c6f7411a8e98331ae952fb6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 100880 ab27a51c6ad46ead60760e90519f4e5c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 3583500 7cf24c1188cb886612a2c26915467f60\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_amd64.deb\n Size/MD5 checksum: 220552 638e195878722d207df6f63d22dc0190\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 67188 87bc838f4f3670f9351c24fc1a0bee83\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 49237086 71c4d1c873dfdcea156ac2ff17fb7bdd\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 3578816 4e2ff63e582037fec48658747f99ba0a\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 141146 48e1e4f7e842de538505c558d32626ce\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 348552 6e33e224e6495782a2770c9e2517c785\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 814400 6d91a49ce94c64d1d168c6b78a6b41a4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 83412 62e4f3c8140c7dd842c08b3cae2d90be\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 6790870 429d3a80ad4929f50f932bc2a9f55d70\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_arm.deb\n Size/MD5 checksum: 222650 88d47b4b6bfa2fff6fbb52f444d55910\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 140878 62b5c5aff1efdd654e4fdb336241df71\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 3576452 b1f3f4274747850f65ff6c6bc0321a5a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 83860 74c170216a259ceb9c65f15654d9f1bf\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 68854 ebabe0aff31cbf050f5539dd65841d84\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 350300 ecf4a8c2404b099f24f04b6b9da4d29a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 6941614 70f8d7debcdadac8f7344d483102966c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 222324 838ad274ad9c4d1ae4520d20337ef5f5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 50076310 ab97521543110a0fbc5f2ef5fa24a1ba\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_armel.deb\n Size/MD5 checksum: 818918 67f9d2de565405f736be414f22883a3d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 408960 b804388039608c12f3839cf661f66198\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 221864 dc011e19e0e51ca360814e2ccac45ff5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 51165016 dc62b362f3a484e63dfd4c4e0a3abd8f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 105354 e56c6f430f6bf0c440d32d9d77f521ec\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 70442 a93054b9893c8560744735056faa0782\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 158222 763d8678b7b0847d5892ecd91aa1aed2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 3618860 9f74be813e8e955fc0e17ddf2ba956ed\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 9497008 f4b428777416a985792a4205fe2c4559\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_hppa.deb\n Size/MD5 checksum: 895604 a40bd99de09688c3cebc1afb8f9b0ed3\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 67304 a365211be353564113d2dd7674902022\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 49446708 55375bd2f9c55fad85bdf642ba148b8b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 222280 a30bec3e1243fbcc85e10b50c70b0eec\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 849508 051f75cda756e30664ce1b90d884def5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 3562302 1534d9cba1162456023d4bef69b786e0\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 140878 5520c260080eb9c08bbd1708d36eaecd\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 6590836 c632ce21a2a5fd4257283ff7cf32bef4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 78612 353db3ef38a240bb039c550c33616610\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_i386.deb\n Size/MD5 checksum: 348080 1f8dd3a001b62aabbce52ded83717f77\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 538866 a0fc35488ffb492956c1b2602f3332fa\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 179534 c70d0f8e437de971416dd66af25ecffd\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 222276 45cc6e76a2aae05706272ab4f0b2b9ef\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 75556 e70c1001ce1cba88bcd2970e271af0ff\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 121026 828e0e511c559d05c40c88171bd03aff\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 11282130 23f4515cf3fb9ea5af74da10235236ee\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 49618524 635a2adbe4c8c0723e2f3e598c172872\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 3393098 3348f2fda7f048257b66b9b1934c955b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_ia64.deb\n Size/MD5 checksum: 809114 78ae7bcb24e0b8710336fb170d82e90e\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 144800 6b1d8b5d6844b88a87c6f0d64fd3a5cc\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 222288 42ff24ac5979ebccbfeeec2409a18efd\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 51798468 200dcac5fb819d0093740d8b528c20a5\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 914892 24a8f94d6576adfaf8219489667e9349\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 377492 3da9e13727df30690dab740c3a11a4f1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 96578 72d433b5b9755ead0e9519140b7e4c17\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 7635294 eab0a84b74f7a707722e6b593fa7fe45\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 3303462 e35a5582f64f0b03baaf34344766286d\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_mips.deb\n Size/MD5 checksum: 69138 c0a61b85fd08547ef785f1ab664fc272\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 222290 5d4e1c8a7defd4812f1cdc90c3376b79\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 7366384 daadd45a701ee1372b13d04c479e8945\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 896196 bb30cfb8930a0f56f007779a114d8cce\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 144512 d9b0d61807107a8d6b6b9cd88ac78f2d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 96276 fdbf9354e6a7f13ffbdc15631425bedc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 49922418 08204077c0e28e67e8126b0a08bb5cfa\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 3304646 31bdebd6c18527ac71407f9ffab254b9\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 375296 2cff3b541b78c45eac1374b486f3185a\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_mipsel.deb\n Size/MD5 checksum: 69060 d8b85f76f874fcfba60dbdf88dfa1ba9\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 885826 cd7a75d90beeedc19ed56cab418f9229\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 359694 1a4bd1074a8d9e02af3d3e4ca6b6e184\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 3576628 487af4934c26c9607f2c973211f9e893\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 7282378 37d983a3b8ac149e3425f196a0a76cee\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 222610 ed41ecc9d50a8e8cdb97f07c02d40635\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 72514 cc2a157ba460b58ecb6d4bb1645463b0\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 94214 4d9018798582ddf501e7e96fbb1cb52f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 51342054 ff91b365569570f23bdc050ef1b10aab\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_powerpc.deb\n Size/MD5 checksum: 152434 5de3549eb40701dcf4280395a9d46ef6\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 222272 7520554f059b97d8107a70b9cb4c7d23\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 3302468 4c4f9963496b1e03307c049d4d0c8d71\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 8375790 f83467abcb35b7f21e36ae4dccfd2894\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 404194 939a4ac485c2889a8d8cefc01b099c3c\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 155590 ec7601e7165fb077dc49ad5106ccbbe8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 105062 d39129d6b2734ac40116873346998598\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 51124872 12297ecc689f3b5271c83e741ec88f0b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 906520 aae8f82cb27c09cb33ed382c38c369fc\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_s390.deb\n Size/MD5 checksum: 72060 1d46777a0678c4e3e5d8fd2643109325\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 83282 3acccfab973fea6f2b78d9943c771b97\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 819016 51ece19aac73ae8ca1f6bd17334267ba\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 143104 c80a213a549b2720b5aa257c590487dd\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 49311996 719762824e3ea8e87311872457dbe714\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 3573006 993e514fcf0bbea88f945b12ced5677c\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 69290 2f1e603498b14c1ff42a7b7dad8896b7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 7160766 f33069ea4089317a616f12fbe1a4bbd0\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 222422 225e2f431d1ca2358737199b383b065d\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_sparc.deb\n Size/MD5 checksum: 347584 5cfa8a467e38c4fdfbaa941da15ef737\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-05-09T13:00:52", "published": "2009-05-09T13:00:52", "id": "DEBIAN:DSA-1797-1:07D8B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00108.html", "title": "[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
