ID OPENVAS:136141256231066623 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates to seamonkey announced in
advisory CESA-2009:1673.
#CESA-2009:1673 66623 2
# $Id: ovcesa2009_1673.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Auto-generated from advisory CESA-2009:1673 (seamonkey)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "For details on the issues addressed in this update,
please visit the referenced security advisories.";
tag_solution = "Update the appropriate packages on your system.
http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1673
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1673
https://rhn.redhat.com/errata/RHSA-2009-1673.html";
tag_summary = "The remote host is missing updates to seamonkey announced in
advisory CESA-2009:1673.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.66623");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)");
script_cve_id("CVE-2009-3979", "CVE-2009-3983", "CVE-2009-3984");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("CentOS Security Advisory CESA-2009:1673 (seamonkey)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~51.el4.centos", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~51.el4.centos", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~51.el4.centos", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~51.el4.centos", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~51.el4.centos", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~51.el4.centos", rls:"CentOS4")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231066623", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Security Advisory CESA-2009:1673 (seamonkey)", "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1673.", "published": "2009-12-30T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066623", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "lastseen": "2018-04-06T11:37:16", "viewCount": 1, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2018-04-06T11:37:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3984", "CVE-2009-3979", "CVE-2009-3983"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066536", "OPENVAS:1361412562310122407", "OPENVAS:840361", "OPENVAS:66536", "OPENVAS:136141256231066594", "OPENVAS:1361412562310880773", "OPENVAS:880773", "OPENVAS:66623", "OPENVAS:66605", "OPENVAS:136141256231066537"]}, {"type": "nessus", "idList": ["UBUNTU_USN-873-1.NASL", "CENTOS_RHSA-2009-1674.NASL", "SUSE_MOZILLA-XULRUNNER190-6734.NASL", "DEBIAN_DSA-1956.NASL", "REDHAT-RHSA-2009-1674.NASL", "SUSE_11_1_MOZILLAFIREFOX-091221.NASL", "SUSE_MOZILLA-XULRUNNER190-6736.NASL", "SUSE_11_MOZILLA-XULRUNNER190-091217.NASL", "SL_20091215_SEAMONKEY_ON_SL3_X.NASL", "UBUNTU_USN-877-1.NASL"]}, {"type": "redhat", "idList": ["RHSA-2009:1673", "RHSA-2009:1674"]}, {"type": "centos", "idList": ["CESA-2009:1673", "CESA-2009:1674"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1674", "ELSA-2009-1673"]}, {"type": "ubuntu", "idList": ["USN-877-1", "USN-873-1", "USN-878-1", "USN-874-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1956-1:B3844"]}, {"type": "seebug", "idList": ["SSV:15106"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22960", "SECURITYVULNS:DOC:22959", "SECURITYVULNS:VULN:10481"]}, {"type": "freebsd", "idList": ["01C57D20-EA26-11DE-BD39-00248C9B4BE7"]}, {"type": "suse", "idList": ["SUSE-SA:2009:063"]}], "modified": "2018-04-06T11:37:16", "rev": 2}, "vulnersScore": 8.6}, "pluginID": "136141256231066623", "sourceData": "#CESA-2009:1673 66623 2\n# $Id: ovcesa2009_1673.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1673 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1673\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1673\nhttps://rhn.redhat.com/errata/RHSA-2009-1673.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1673.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66623\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3983\", \"CVE-2009-3984\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1673 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "CentOS Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:31:23", "description": "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.", "edition": 5, "cvss3": {}, "published": "2009-12-17T17:30:00", "title": "CVE-2009-3984", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3984"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:2.0_.10", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.21", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0_.4", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:2.0_.6", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:2.0_8", "cpe:/a:mozilla:firefox:2.0_.7", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:2.0_.1", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.0a1", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox:2.0_.9", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:*", "cpe:/a:mozilla:firefox:2.0_.5", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2009-3984", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3984", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1:*:pre:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:23", "description": "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.", "edition": 5, "cvss3": {}, "published": "2009-12-17T17:30:00", "title": "CVE-2009-3983", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3983"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:2.0_.10", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.21", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0_.4", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:2.0_.6", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:2.0_8", "cpe:/a:mozilla:firefox:2.0_.7", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:2.0_.1", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.0a1", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox:2.0_.9", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:*", "cpe:/a:mozilla:firefox:2.0_.5", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2009-3983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3983", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1:*:pre:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:23", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 5, "cvss3": {}, "published": "2009-12-17T17:30:00", "title": "CVE-2009-3979", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3979"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:2.0_.10", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.21", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:firefox:2.0_.4", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:2.0_.6", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:2.0_8", "cpe:/a:mozilla:firefox:2.0_.7", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:2.0_.1", "cpe:/a:mozilla:seamonkey:2.0a1pre", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.0a1", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:firefox:1.4.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox:2.0_.9", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:firefox:2.0_.5", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2009-3979", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3979", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1:*:pre:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:56:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "description": "The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1673.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66623", "href": "http://plugins.openvas.org/nasl.php?oid=66623", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1673 (seamonkey)", "sourceData": "#CESA-2009:1673 66623 2\n# $Id: ovcesa2009_1673.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1673 (seamonkey)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1673\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1673\nhttps://rhn.redhat.com/errata/RHSA-2009-1673.html\";\ntag_summary = \"The remote host is missing updates to seamonkey announced in\nadvisory CESA-2009:1673.\";\n\n\n\nif(description)\n{\n script_id(66623);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3983\", \"CVE-2009-3984\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1673 (seamonkey)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "description": "Check for the Version of seamonkey", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880773", "href": "http://plugins.openvas.org/nasl.php?oid=880773", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2009:1673 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2009:1673 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3979)\n \n A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\n protocol implementation. If an attacker could trick a local user that has\n NTLM credentials into visiting a specially-crafted web page, they could\n send arbitrary requests, authenticated with the user's NTLM credentials, to\n other applications on the user's system. (CVE-2009-3983)\n \n A flaw was found in the way SeaMonkey displayed the SSL location bar\n indicator. An attacker could create an unencrypted web page that appears\n to be encrypted, possibly tricking the user into believing they are\n visiting a secure page. (CVE-2009-3984)\n \n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-December/016395.html\");\n script_id(880773);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1673\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3983\", \"CVE-2009-3984\");\n script_name(\"CentOS Update for seamonkey CESA-2009:1673 centos4 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1673.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears\nto be encrypted, possibly tricking the user into believing they are\nvisiting a secure page. (CVE-2009-3984)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:136141256231066536", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066536", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1673", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1673.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1673 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1673.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears\nto be encrypted, possibly tricking the user into believing they are\nvisiting a secure page. (CVE-2009-3984)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66536\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3983\", \"CVE-2009-3984\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1673\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1673.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1673.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears\nto be encrypted, possibly tricking the user into believing they are\nvisiting a secure page. (CVE-2009-3984)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66536", "href": "http://plugins.openvas.org/nasl.php?oid=66536", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1673", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1673.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1673 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1673.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears\nto be encrypted, possibly tricking the user into believing they are\nvisiting a secure page. (CVE-2009-3984)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66536);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3983\", \"CVE-2009-3984\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1673\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1673.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.48.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~51.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880773", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2009:1673 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2009:1673 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-December/016395.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880773\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1673\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3983\", \"CVE-2009-3984\");\n script_name(\"CentOS Update for seamonkey CESA-2009:1673 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'seamonkey'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"seamonkey on CentOS 4\");\n script_tag(name:\"insight\", value:\"SeaMonkey is an open source Web browser, email and newsgroup client, IRC\n chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n SeaMonkey. (CVE-2009-3979)\n\n A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\n protocol implementation. If an attacker could trick a local user that has\n NTLM credentials into visiting a specially-crafted web page, they could\n send arbitrary requests, authenticated with the user's NTLM credentials, to\n other applications on the user's system. (CVE-2009-3983)\n\n A flaw was found in the way SeaMonkey displayed the SSL location bar\n indicator. An attacker could create an unencrypted web page that appears\n to be encrypted, possibly tricking the user into believing they are\n visiting a secure page. (CVE-2009-3984)\n\n All SeaMonkey users should upgrade to these updated packages, which correct\n these issues. After installing the update, SeaMonkey must be restarted for\n the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~51.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880843", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:1674 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:1674 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-December/016391.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880843\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1674\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n script_name(\"CentOS Update for firefox CESA-2009:1674 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\n A flaw was found in the Firefox NT Lan Manager (NTLM) authentication\n protocol implementation. If an attacker could trick a local user that has\n NTLM credentials into visiting a specially-crafted web page, they could\n send arbitrary requests, authenticated with the user's NTLM credentials, to\n other applications on the user's system. (CVE-2009-3983)\n\n A flaw was found in the way Firefox displayed the SSL location bar\n indicator. An attacker could create an unencrypted web page that appears to\n be encrypted, possibly tricking the user into believing they are visiting a\n secure page. (CVE-2009-3984)\n\n A flaw was found in the way Firefox displayed blank pages after a user\n navigates to an invalid address. If a user visits an attacker-controlled\n web page that results in a blank page, the attacker could inject content\n into that blank page, possibly tricking the user into believing they are\n viewing a legitimate page. (CVE-2009-3985)\n\n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.16. You can find a link to the Mozilla\n advisories in the References section of this errata.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.16, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.16~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.0.16~2.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~1.9.0.16~2.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel-unstable\", rpm:\"xulrunner-devel-unstable~1.9.0.16~2.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880876", "href": "http://plugins.openvas.org/nasl.php?oid=880876", "type": "openvas", "title": "CentOS Update for firefox CESA-2009:1674 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2009:1674 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n \n A flaw was found in the Firefox NT Lan Manager (NTLM) authentication\n protocol implementation. If an attacker could trick a local user that has\n NTLM credentials into visiting a specially-crafted web page, they could\n send arbitrary requests, authenticated with the user's NTLM credentials, to\n other applications on the user's system. (CVE-2009-3983)\n \n A flaw was found in the way Firefox displayed the SSL location bar\n indicator. An attacker could create an unencrypted web page that appears to\n be encrypted, possibly tricking the user into believing they are visiting a\n secure page. (CVE-2009-3984)\n \n A flaw was found in the way Firefox displayed blank pages after a user\n navigates to an invalid address. If a user visits an attacker-controlled\n web page that results in a blank page, the attacker could inject content\n into that blank page, possibly tricking the user into believing they are\n viewing a legitimate page. (CVE-2009-3985)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 3.0.16. You can find a link to the Mozilla\n advisories in the References section of this errata.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 3.0.16, which corrects these issues. After installing the\n update, Firefox must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-December/016397.html\");\n script_id(880876);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1674\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n script_name(\"CentOS Update for firefox CESA-2009:1674 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.16~4.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-877-1", "modified": "2017-12-25T00:00:00", "published": "2010-01-15T00:00:00", "id": "OPENVAS:1361412562310840361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840361", "type": "openvas", "title": "Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_877_1.nasl 8244 2017-12-25 07:29:28Z teissa $\n#\n# Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream\n changes introduced a regression when using NTLM authentication. This update\n fixes the problem and added additional stability fixes.\n\n We apologize for the inconvenience.\n \n Original advisory details:\n \n Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and\n David James discovered several flaws in the browser and JavaScript engines\n of Firefox. If a user were tricked into viewing a malicious website, a\n remote attacker could cause a denial of service or possibly execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n \n Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox.\n If an NTLM authenticated user visited a malicious website, a remote\n attacker could send requests to other applications, authenticated as the\n user. (CVE-2009-3983)\n \n Jonathan Morgan discovered that Firefox did not properly display SSL\n indicators under certain circumstances. This could be used by an attacker\n to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)\n \n Jordi Chancel discovered that Firefox did not properly display invalid URLs\n for a blank page. If a user were tricked into accessing a malicious\n website, an attacker could exploit this to spoof the location bar, such as\n in a phishing attack. (CVE-2009-3985)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-877-1\";\ntag_affected = \"firefox-3.0, xulrunner-1.9 regression on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-877-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840361\");\n script_version(\"$Revision: 8244 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"877-1\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3986\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\");\n script_name(\"Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0-branding_3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-branding_3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dev_3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-gnome-support_3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0_3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dev_1.9.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-gnome-support_1.9.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9_1.9.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dom-inspector_3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-venkman_3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dom-inspector_1.9.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-venkman_1.9.0.17+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0-branding_3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-branding_3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dev_3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-gnome-support_3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0_3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dev_1.9.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-gnome-support_1.9.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9_1.9.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dom-inspector_3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-venkman_3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dom-inspector_1.9.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-venkman_1.9.0.17+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dev_3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-gnome-support_3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0_3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dev_1.9.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-gnome-support_1.9.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9_1.9.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-dom-inspector_3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0-venkman_3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-dom-inspector_1.9.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.9-venkman_1.9.0.17+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:30:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-873-1.", "modified": "2017-12-01T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66605", "href": "http://plugins.openvas.org/nasl.php?oid=66605", "type": "openvas", "title": "Ubuntu USN-873-1 (xulrunner-1.9)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_873_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_873_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-873-1 (xulrunner-1.9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n firefox-3.0 3.0.16+nobinonly-0ubuntu0.8.04.1\n xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.8.04.1\n\nUbuntu 8.10:\n abrowser 3.0.16+nobinonly-0ubuntu0.8.10.1\n firefox-3.0 3.0.16+nobinonly-0ubuntu0.8.10.1\n xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.8.10.1\n\nUbuntu 9.04:\n abrowser 3.0.16+nobinonly-0ubuntu0.9.04.1\n firefox-3.0 3.0.16+nobinonly-0ubuntu0.9.04.1\n xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart Firefox and any\napplications that use xulrunner to effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-873-1\";\n\ntag_insight = \"Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and\nDavid James discovered several flaws in the browser and JavaScript engines\nof Firefox. If a user were tricked into viewing a malicious website, a\nremote attacker could cause a denial of service or possibly execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nTakehiro Takahashi discovered flaws in the NTLM implementation in Firefox.\nIf an NTLM authenticated user visited a malicious website, a remote\nattacker could send requests to other applications, authenticated as the\nuser. (CVE-2009-3983)\n\nJonathan Morgan discovered that Firefox did not properly display SSL\nindicators under certain circumstances. This could be used by an attacker\nto spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)\n\nJordi Chancel discovered that Firefox did not properly display invalid URLs\nfor a blank page. If a user were tricked into accessing a malicious\nwebsite, an attacker could exploit this to spoof the location bar, such as\nin a phishing attack. (CVE-2009-3985)\";\ntag_summary = \"The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-873-1.\";\n\n \n\n\nif(description)\n{\n script_id(66605);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-873-1 (xulrunner-1.9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-873-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.16+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.16+nobinonly-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 1956-1.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:136141256231066594", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066594", "type": "openvas", "title": "Debian Security Advisory DSA 1956-1 (xulrunner)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1956_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1956-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3986:\n\nDavid James discovered that the window.opener property allows Chrome\nprivilege escalation.\n\nCVE-2009-3985:\n\nJordi Chanel discovered a spoofing vulnerability of the URL location bar\nusing the document.location property.\n\nCVE-2009-3984:\n\nJonathan Morgan discovered that the icon indicating a secure connection\ncould be spoofed through the document.location property.\n\nCVE-2009-3983:\n\nTakehiro Takahashi discovered that the NTLM implementaion is vulnerable\nto reflection attacks.\n\nCVE-2009-3981:\n\nJesse Ruderman discovered a crash in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2009-3979:\n\nJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay\ndiscovered crashes in the layout engine, which might allow the execution\nof arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.16-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.6-1.\n\nWe recommend that you upgrade your xulrunner packages.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 1956-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201956-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66594\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3986\", \"CVE-2009-3985\", \"CVE-2009-3984\", \"CVE-2009-3983\", \"CVE-2009-3981\", \"CVE-2009-3979\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1956-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dbg\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs1d-dbg\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.16-1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "description": "[1.0.9-51.0.1.el4_8]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and removed corresponding RedHat ones\n[1.0.9-51.el4]\n- Added fixes from 1.9.0.16 ", "edition": 4, "modified": "2009-12-16T00:00:00", "published": "2009-12-16T00:00:00", "id": "ELSA-2009-1673", "href": "http://linux.oracle.com/errata/ELSA-2009-1673.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "firefox:\n[3.0.16-1.0.1.el5_4]\n- Update firstrun and homepage URLs in specfile\n- Added patch oracle-firefox-branding.patch\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n and removed the corresponding Red Hat ones\n[3.0.16-1]\n- Update to 3.0.16\nxulrunner:\n[1.9.0.16-2.0.1.el5_4]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.0.16-2]\n- Rebuild due to Mozilla's respin\n[1.9.0.16-1]\n- Update to 1.9.0.16 ", "edition": 4, "modified": "2009-12-16T00:00:00", "published": "2009-12-16T00:00:00", "id": "ELSA-2009-1674", "href": "http://linux.oracle.com/errata/ELSA-2009-1674.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3983", "CVE-2009-3984"], "description": "SeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears\nto be encrypted, possibly tricking the user into believing they are\nvisiting a secure page. (CVE-2009-3984)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-12-15T05:00:00", "id": "RHSA-2009:1673", "href": "https://access.redhat.com/errata/RHSA-2009:1673", "type": "redhat", "title": "(RHSA-2009:1673) Critical: seamonkey security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3981", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears to\nbe encrypted, possibly tricking the user into believing they are visiting a\nsecure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an attacker-controlled\nweb page that results in a blank page, the attacker could inject content\ninto that blank page, possibly tricking the user into believing they are\nviewing a legitimate page. (CVE-2009-3985)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.16. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.16, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.", "modified": "2017-09-08T12:10:59", "published": "2009-12-16T05:00:00", "id": "RHSA-2009:1674", "href": "https://access.redhat.com/errata/RHSA-2009:1674", "type": "redhat", "title": "(RHSA-2009:1674) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:27:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1673\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears\nto be encrypted, possibly tricking the user into believing they are\nvisiting a secure page. (CVE-2009-3984)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028433.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028434.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1673.html", "edition": 3, "modified": "2009-12-18T19:04:42", "published": "2009-12-18T19:04:27", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/028433.html", "id": "CESA-2009:1673", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-22T12:39:09", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1674\n\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that has\nNTLM credentials into visiting a specially-crafted web page, they could\nsend arbitrary requests, authenticated with the user's NTLM credentials, to\nother applications on the user's system. (CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that appears to\nbe encrypted, possibly tricking the user into believing they are visiting a\nsecure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an attacker-controlled\nweb page that results in a blank page, the attacker could inject content\ninto that blank page, possibly tricking the user into believing they are\nviewing a legitimate page. (CVE-2009-3985)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.0.16. You can find a link to the Mozilla\nadvisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.0.16, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028429.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028430.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028435.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028436.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1674.html", "edition": 5, "modified": "2009-12-18T19:06:57", "published": "2009-12-18T02:04:10", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/028429.html", "id": "CESA-2009:1674", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:44:36", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nAfter installing the update, SeaMonkey must be restarted for the\nchanges to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3983"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091215_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60707);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3983\", \"CVE-2009-3984\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2009-3979)\n\nA flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way SeaMonkey displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nAfter installing the update, SeaMonkey must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0912&L=scientific-linux-errata&T=0&P=1503\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c8db0d2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.48.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.48.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-51.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-51.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-51.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-51.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-51.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-51.el4_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:57:16", "description": "USN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream\nchanges introduced a regression when using NTLM authentication. This\nupdate fixes the problem and adds additional stability fixes.\n\nWe apologize for the inconvenience.\n\nJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay,\nand David James discovered several flaws in the browser and JavaScript\nengines of Firefox. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could cause a denial of service or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nTakehiro Takahashi discovered flaws in the NTLM\nimplementation in Firefox. If an NTLM authenticated user\nvisited a malicious website, a remote attacker could send\nrequests to other applications, authenticated as the user.\n(CVE-2009-3983)\n\nJonathan Morgan discovered that Firefox did not properly\ndisplay SSL indicators under certain circumstances. This\ncould be used by an attacker to spoof an encrypted page,\nsuch as in a phishing attack. (CVE-2009-3984)\n\nJordi Chancel discovered that Firefox did not properly\ndisplay invalid URLs for a blank page. If a user were\ntricked into accessing a malicious website, an attacker\ncould exploit this to spoof the location bar, such as in a\nphishing attack. (CVE-2009-3985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-01-08T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 regression (USN-877-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abrowser", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0", "p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding", "p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman", "p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"], "id": "UBUNTU_USN-877-1.NASL", "href": "https://www.tenable.com/plugins/nessus/43823", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-877-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43823);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n script_bugtraq_id(37361, 37363, 37365, 37366, 37367, 37370);\n script_xref(name:\"USN\", value:\"877-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 regression (USN-877-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream\nchanges introduced a regression when using NTLM authentication. This\nupdate fixes the problem and adds additional stability fixes.\n\nWe apologize for the inconvenience.\n\nJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay,\nand David James discovered several flaws in the browser and JavaScript\nengines of Firefox. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could cause a denial of service or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nTakehiro Takahashi discovered flaws in the NTLM\nimplementation in Firefox. If an NTLM authenticated user\nvisited a malicious website, a remote attacker could send\nrequests to other applications, authenticated as the user.\n(CVE-2009-3983)\n\nJonathan Morgan discovered that Firefox did not properly\ndisplay SSL indicators under certain circumstances. This\ncould be used by an attacker to spoof an encrypted page,\nsuch as in a phishing attack. (CVE-2009-3984)\n\nJordi Chancel discovered that Firefox did not properly\ndisplay invalid URLs for a blank page. If a user were\ntricked into accessing a malicious website, an attacker\ncould exploit this to spoof the location bar, such as in a\nphishing attack. (CVE-2009-3985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/877-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-libthai\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"abrowser-3.0-branding\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-branding\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-3.0-venkman\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-libthai\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-dom-inspector\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"firefox-trunk-venkman\", pkgver:\"3.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-dev\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-dom-inspector\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-gnome-support\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-1.9-venkman\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xulrunner-dev\", pkgver:\"1.9.0.17+nobinonly-0ubuntu0.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-3.0-branding / firefox / firefox-3.0 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:51", "description": "The Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs\nand various security issues.\n\nThe following issues were fixed :\n\n - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with\n evidence of memory corruption (1.9.0.16)\n\n - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection\n vulnerability\n\n - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985\n (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities\n\n - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege\n escalation via chrome window.opener", "edition": 23, "published": "2009-12-23T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2009-12-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "p-cpe:/a:novell:opensuse:python-xpcom190", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs"], "id": "SUSE_11_1_MOZILLAFIREFOX-091221.NASL", "href": "https://www.tenable.com/plugins/nessus/43396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-1727.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43396);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)\");\n script_summary(english:\"Check for the MozillaFirefox-1727 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs\nand various security issues.\n\nThe following issues were fixed :\n\n - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with\n evidence of memory corruption (1.9.0.16)\n\n - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection\n vulnerability\n\n - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985\n (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities\n\n - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege\n escalation via chrome window.opener\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=559807\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom190\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.0.16-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-branding-upstream-3.0.16-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-3.0.16-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-1.9.0.16-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-devel-1.9.0.16-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-translations-1.9.0.16-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"python-xpcom190-1.9.0.16-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.16-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.16-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.16-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:54", "description": "The Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs\nand various security issues.\n\nThe following issues were fixed :\n\n - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with\n evidence of memory corruption (1.9.0.16)\n\n - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection\n vulnerability\n\n - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985\n (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities\n\n - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege\n escalation via chrome window.opener", "edition": 23, "published": "2009-12-23T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2009-12-23T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190", "p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs"], "id": "SUSE_11_0_MOZILLAFIREFOX-091217.NASL", "href": "https://www.tenable.com/plugins/nessus/43395", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-1727.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43395);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)\");\n script_summary(english:\"Check for the MozillaFirefox-1727 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs\nand various security issues.\n\nThe following issues were fixed :\n\n - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with\n evidence of memory corruption (1.9.0.16)\n\n - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection\n vulnerability\n\n - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985\n (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities\n\n - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege\n escalation via chrome window.opener\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=559807\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-3.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-translations-3.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-1.9.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-devel-1.9.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-translations-1.9.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.16-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:48", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2009-3986 :\n David James discovered that the window.opener property\n allows Chrome privilege escalation.\n\n - CVE-2009-3985 :\n Jordi Chanel discovered a spoofing vulnerability of the\n URL location bar using the document.location property.\n\n - CVE-2009-3984 :\n Jonathan Morgan discovered that the icon indicating a\n secure connection could be spoofed through the\n document.location property.\n\n - CVE-2009-3983 :\n Takehiro Takahashi discovered that the NTLM\n implementation is vulnerable to reflection attacks.\n\n - CVE-2009-3981 :\n Jesse Ruderman discovered a crash in the layout engine,\n which might allow the execution of arbitrary code.\n\n - CVE-2009-3979 :\n Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel\n and Olli Pettay discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1956-1 : xulrunner - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:xulrunner"], "id": "DEBIAN_DSA-1956.NASL", "href": "https://www.tenable.com/plugins/nessus/44821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44821);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n script_bugtraq_id(37361, 37363, 37365, 37366, 37367, 37370);\n script_xref(name:\"DSA\", value:\"1956\");\n\n script_name(english:\"Debian DSA-1956-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2009-3986 :\n David James discovered that the window.opener property\n allows Chrome privilege escalation.\n\n - CVE-2009-3985 :\n Jordi Chanel discovered a spoofing vulnerability of the\n URL location bar using the document.location property.\n\n - CVE-2009-3984 :\n Jonathan Morgan discovered that the icon indicating a\n secure connection could be spoofed through the\n document.location property.\n\n - CVE-2009-3983 :\n Takehiro Takahashi discovered that the NTLM\n implementation is vulnerable to reflection attacks.\n\n - CVE-2009-3981 :\n Jesse Ruderman discovered a crash in the layout engine,\n which might allow the execution of arbitrary code.\n\n - CVE-2009-3979 :\n Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel\n and Olli Pettay discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.16-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs-dev\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmozjs1d-dbg\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"python-xpcom\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"spidermonkey-bin\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-dbg\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-1.9-gnome-support\", reference:\"1.9.0.16-1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xulrunner-dev\", reference:\"1.9.0.16-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:38", "description": "The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing\nlots of bugs and various security issues.\n\nThe following issues were fixed :\n\n - Crashes with evidence of memory corruption (1.9.0.16).\n (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981)\n\n - (bmo#487872) NTLM reflection vulnerability. (MFSA\n 2009-68 / CVE-2009-3983)\n\n - (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 /\n CVE-2009-3985)\n\n - (bmo#522430) Privilege escalation via chrome\n window.opener. (MFSA 2009-70 / CVE-2009-3986)", "edition": 23, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6734)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MOZILLA-XULRUNNER190-6734.NASL", "href": "https://www.tenable.com/plugins/nessus/49898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49898);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n\n script_name(english:\"SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6734)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing\nlots of bugs and various security issues.\n\nThe following issues were fixed :\n\n - Crashes with evidence of memory corruption (1.9.0.16).\n (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981)\n\n - (bmo#487872) NTLM reflection vulnerability. (MFSA\n 2009-68 / CVE-2009-3983)\n\n - (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 /\n CVE-2009-3985)\n\n - (bmo#522430) Privilege escalation via chrome\n window.opener. (MFSA 2009-70 / CVE-2009-3986)\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-65.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-68.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-68/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-69.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69/\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-70.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-70/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3979.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3981.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3983.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3984.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3985.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3986.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6734.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner190-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"mozilla-xulrunner190-translations-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner190-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"mozilla-xulrunner190-translations-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.16-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.16-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:13:32", "description": "The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing\nlots of bugs and various security issues.\n\nThe following issues were fixed :\n\n - Crashes with evidence of memory corruption (1.9.0.16).\n (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981)\n\n - (bmo#487872) NTLM reflection vulnerability. (MFSA\n 2009-68 / CVE-2009-3983)\n\n - (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 /\n CVE-2009-3985)\n\n - (bmo#522430) Privilege escalation via chrome\n window.opener. (MFSA 2009-70 / CVE-2009-3986)", "edition": 23, "published": "2009-12-22T00:00:00", "title": "SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2009-12-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit"], "id": "SUSE_11_MOZILLA-XULRUNNER190-091217.NASL", "href": "https://www.tenable.com/plugins/nessus/43388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43388);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n\n script_name(english:\"SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing\nlots of bugs and various security issues.\n\nThe following issues were fixed :\n\n - Crashes with evidence of memory corruption (1.9.0.16).\n (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981)\n\n - (bmo#487872) NTLM reflection vulnerability. (MFSA\n 2009-68 / CVE-2009-3983)\n\n - (bmo#521461,bmo#514232) Location bar spoofing\n vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 /\n CVE-2009-3985)\n\n - (bmo#522430) Privilege escalation via chrome\n window.opener. (MFSA 2009-70 / CVE-2009-3986)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=559807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3979.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3981.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3983.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3984.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3985.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3986.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1716.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner190-translations-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner190-translations-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner190-32bit-1.9.0.16-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.16-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:37", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an\nattacker-controlled web page that results in a blank page, the\nattacker could inject content into that blank page, possibly tricking\nthe user into believing they are viewing a legitimate page.\n(CVE-2009-3985)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091216_FIREFOX_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60709);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an\nattacker-controlled web page that results in a blank page, the\nattacker could inject content into that blank page, possibly tricking\nthe user into believing they are viewing a legitimate page.\n(CVE-2009-3985)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0912&L=scientific-linux-errata&T=0&P=1635\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3467a319\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"firefox-3.0.16-4.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.0.16-1.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9.0.16-2.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9.0.16-2.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-unstable-1.9.0.16-2.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:20", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an\nattacker-controlled web page that results in a blank page, the\nattacker could inject content into that blank page, possibly tricking\nthe user into believing they are viewing a legitimate page.\n(CVE-2009-3985)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.16. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.16, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 29, "published": "2009-12-16T00:00:00", "title": "RHEL 4 / 5 : firefox (RHSA-2009:1674)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2009-12-16T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2009-1674.NASL", "href": "https://www.tenable.com/plugins/nessus/43171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1674. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43171);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n script_xref(name:\"RHSA\", value:\"2009:1674\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2009:1674)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an\nattacker-controlled web page that results in a blank page, the\nattacker could inject content into that blank page, possibly tricking\nthe user into believing they are viewing a legitimate page.\n(CVE-2009-3985)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.16. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.16, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3986\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7d74da4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1674\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1674\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.0.16-4.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.0.16-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.0.16-2.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.0.16-2.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xulrunner-devel-unstable-1.9.0.16-2.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xulrunner-devel-unstable-1.9.0.16-2.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xulrunner-devel-unstable-1.9.0.16-2.el5_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:04", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an\nattacker-controlled web page that results in a blank page, the\nattacker could inject content into that blank page, possibly tricking\nthe user into believing they are viewing a legitimate page.\n(CVE-2009-3985)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.16. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.16, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 27, "published": "2009-12-21T00:00:00", "title": "CentOS 4 / 5 : firefox (CESA-2009:1674)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "modified": "2009-12-21T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xulrunner-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:xulrunner-devel-unstable", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1674.NASL", "href": "https://www.tenable.com/plugins/nessus/43356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1674 and \n# CentOS Errata and Security Advisory 2009:1674 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43356);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3979\", \"CVE-2009-3981\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\");\n script_xref(name:\"RHSA\", value:\"2009:1674\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2009:1674)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nA flaw was found in the Firefox NT Lan Manager (NTLM) authentication\nprotocol implementation. If an attacker could trick a local user that\nhas NTLM credentials into visiting a specially crafted web page, they\ncould send arbitrary requests, authenticated with the user's NTLM\ncredentials, to other applications on the user's system.\n(CVE-2009-3983)\n\nA flaw was found in the way Firefox displayed the SSL location bar\nindicator. An attacker could create an unencrypted web page that\nappears to be encrypted, possibly tricking the user into believing\nthey are visiting a secure page. (CVE-2009-3984)\n\nA flaw was found in the way Firefox displayed blank pages after a user\nnavigates to an invalid address. If a user visits an\nattacker-controlled web page that results in a blank page, the\nattacker could inject content into that blank page, possibly tricking\nthe user into believing they are viewing a legitimate page.\n(CVE-2009-3985)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.0.16. You can find a link to the\nMozilla advisories in the References section of this errata.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.0.16, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016391.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1de93e8c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016392.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f44276c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016397.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?594d2815\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016398.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?307a82be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.0.16-4.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.0.16-4.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.0.16-1.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.0.16-2.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.0.16-2.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-unstable-1.9.0.16-2.el5_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:59", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and \nDavid James discovered several flaws in the browser and JavaScript engines \nof Firefox. If a user were tricked into viewing a malicious website, a \nremote attacker could cause a denial of service or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nTakehiro Takahashi discovered flaws in the NTLM implementation in Firefox. \nIf an NTLM authenticated user visited a malicious website, a remote \nattacker could send requests to other applications, authenticated as the \nuser. (CVE-2009-3983)\n\nJonathan Morgan discovered that Firefox did not properly display SSL \nindicators under certain circumstances. This could be used by an attacker \nto spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)\n\nJordi Chancel discovered that Firefox did not properly display invalid URLs \nfor a blank page. If a user were tricked into accessing a malicious \nwebsite, an attacker could exploit this to spoof the location bar, such as \nin a phishing attack. (CVE-2009-3985)", "edition": 5, "modified": "2009-12-18T00:00:00", "published": "2009-12-18T00:00:00", "id": "USN-873-1", "href": "https://ubuntu.com/security/notices/USN-873-1", "title": "Firefox 3.0 and Xulrunner 1.9 vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:33:13", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "USN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream \nchanges introduced a regression when using NTLM authentication. This update \nfixes the problem and adds additional stability fixes.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and \nDavid James discovered several flaws in the browser and JavaScript engines \nof Firefox. If a user were tricked into viewing a malicious website, a \nremote attacker could cause a denial of service or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)\n\nTakehiro Takahashi discovered flaws in the NTLM implementation in Firefox. \nIf an NTLM authenticated user visited a malicious website, a remote \nattacker could send requests to other applications, authenticated as the \nuser. (CVE-2009-3983)\n\nJonathan Morgan discovered that Firefox did not properly display SSL \nindicators under certain circumstances. This could be used by an attacker \nto spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)\n\nJordi Chancel discovered that Firefox did not properly display invalid URLs \nfor a blank page. If a user were tricked into accessing a malicious \nwebsite, an attacker could exploit this to spoof the location bar, such as \nin a phishing attack. (CVE-2009-3985)", "edition": 5, "modified": "2010-01-08T00:00:00", "published": "2010-01-08T00:00:00", "id": "USN-877-1", "href": "https://ubuntu.com/security/notices/USN-877-1", "title": "Firefox 3.0 and Xulrunner 1.9 regression", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:40:35", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3980", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3982", "CVE-2009-3985"], "description": "USN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream \nchanges introduced a regression when using NTLM authentication. This update \nfixes the problem and adds additional stability fixes.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details: \nJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and \nDavid James discovered several flaws in the browser and JavaScript engines \nof Firefox. If a user were tricked into viewing a malicious website, a \nremote attacker could cause a denial of service or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)\n\nTakehiro Takahashi discovered flaws in the NTLM implementation in Firefox. \nIf an NTLM authenticated user visited a malicious website, a remote \nattacker could send requests to other applications, authenticated as the \nuser. (CVE-2009-3983)\n\nJonathan Morgan discovered that Firefox did not properly display SSL \nindicators under certain circumstances. This could be used by an attacker \nto spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)\n\nJordi Chancel discovered that Firefox did not properly display invalid URLs \nfor a blank page. If a user were tricked into accessing a malicious \nwebsite, an attacker could exploit this to spoof the location bar, such as \nin a phishing attack. (CVE-2009-3985)\n\nDavid Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third \nparty media libraries. If a user were tricked into opening a crafted media \nfile, a remote attacker could cause a denial of service or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2009-3388, CVE-2009-3389)", "edition": 5, "modified": "2010-01-08T00:00:00", "published": "2010-01-08T00:00:00", "id": "USN-878-1", "href": "https://ubuntu.com/security/notices/USN-878-1", "title": "Firefox 3.5 and Xulrunner 1.9.1 regression", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:32:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3980", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3982", "CVE-2009-3985"], "description": "Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and \nDavid James discovered several flaws in the browser and JavaScript engines \nof Firefox. If a user were tricked into viewing a malicious website, a \nremote attacker could cause a denial of service or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)\n\nTakehiro Takahashi discovered flaws in the NTLM implementation in Firefox. \nIf an NTLM authenticated user visited a malicious website, a remote \nattacker could send requests to other applications, authenticated as the \nuser. (CVE-2009-3983)\n\nJonathan Morgan discovered that Firefox did not properly display SSL \nindicators under certain circumstances. This could be used by an attacker \nto spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)\n\nJordi Chancel discovered that Firefox did not properly display invalid URLs \nfor a blank page. If a user were tricked into accessing a malicious \nwebsite, an attacker could exploit this to spoof the location bar, such as \nin a phishing attack. (CVE-2009-3985)\n\nDavid Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third \nparty media libraries. If a user were tricked into opening a crafted media \nfile, a remote attacker could cause a denial of service or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2009-3388, CVE-2009-3389)", "edition": 5, "modified": "2009-12-18T00:00:00", "published": "2009-12-18T00:00:00", "id": "USN-874-1", "href": "https://ubuntu.com/security/notices/USN-874-1", "title": "Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:25:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3979", "CVE-2009-3984", "CVE-2009-3981", "CVE-2009-3986", "CVE-2009-3983", "CVE-2009-3985"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1956-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 16, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3986:\n\n David James discovered that the window.opener property allows Chrome\n privilege escalation.\n\nCVE-2009-3985:\n\n Jordi Chanel discovered a spoofing vulnerability of the URL location bar \n using the document.location property.\n\nCVE-2009-3984:\n\n Jonathan Morgan discovered that the icon indicating a secure connection\n could be spoofed through the document.location property.\n\nCVE-2009-3983:\n\n Takehiro Takahashi discovered that the NTLM implementaion is vulnerable\n to reflection attacks.\n\nCVE-2009-3981:\n\n Jesse Ruderman discovered a crash in the layout engine, which might allow\n the execution of arbitrary code.\n\nCVE-2009-3979:\n\n Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay\n discovered crashes in the layout engine, which might allow the execution\n of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in \nversion 1.9.0.16-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.6-1.\n\nWe recommend that you upgrade your xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16-1.dsc\n Size/MD5 checksum: 1755 661a7213945541c3aff7c1225f4a4e4b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16.orig.tar.gz\n Size/MD5 checksum: 44158276 49eccba737701abfd9f0405dc91fb848\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16-1.diff.gz\n Size/MD5 checksum: 116218 6d5380e0a12ea65cbfa98059641c5b1b\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.16-1_all.deb\n Size/MD5 checksum: 1464570 40a5ae6f705fe11bb244e039804233ea\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 51094414 36f539011a5ee228fae0195020709cc7\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 432242 c5110bdb4836a6e20a9b9b8e6959c1e9\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 9494198 0139dd56d61b77e77316ab24937df305\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 938424 b52ef8d6a5671df01a179e42379af747\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 72044 2fe658f8d17e1547d7c18d7e382b1c02\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 163948 ee725d4c448ebf6d3c3def1ec0302e8a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 3651674 4f728529795d19de42ee07c1a994d84e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 221628 578247ecd3b3c21230b272fe446c85b8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_alpha.deb\n Size/MD5 checksum: 112068 52292e961eea13ac499f0923f8f56afe\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 3288346 c4994fb96c217a3d16d718b919c5488a\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 151976 db96efb00277b2eae199c26b99ea043e\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 69948 db7a93f30248ee123430c0ec8fc51388\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 101544 804243e7ed5e3fadb407f16d9d78f081\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 890384 5dfe153e3eafca3a3590d44692088152\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 374232 dfee7250cbe693362d58228d815b17a1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 50332174 0c1988f9cff6d4718d0965f6fe2ca00c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 7724684 2ece5643c14ae34a0270d1bb740d0190\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_amd64.deb\n Size/MD5 checksum: 223014 368b9f81b97bedfd51ea46cef4bfed9c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 223372 f14b9641604130cbd1316684ce80eea4\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 72040 cee4430fd91f516a3a6b64a851cba9d1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 898940 adc9f60d3478ac3efac390b54f758c08\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 413076 fa0451857abe00213b1c2fdbbeeb9216\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 158510 c33508922abba00e2db82b4330cfe556\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 51227746 215c15bee82bd5ee69c1603c93e47c74\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 3629732 24ae38db87e085986b45cbfbf51596b5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 106760 9d9f796627813bf63d3d59cbc80cae94\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_hppa.deb\n Size/MD5 checksum: 9512538 053e525101326d09b2b302090b172496\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 6603188 5a7d3778788b71f3214ed981d2158481\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 141452 0281b88b7c5efcd28e70283d9083a78c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 350878 d2977664d676cf868f1945c7949ff91b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 3565586 3a069b19bc73d53ace1bd816412b4672\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 851826 a7b7b5596d788b006125e1af9f50b9e2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 223270 46166eab3e8d094223f19cf7024f00f5\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 49496458 37d985ecce882e81a20e797ad1ea3618\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 68158 8b79e51fcd2e87aba9db39b000027e5f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_i386.deb\n Size/MD5 checksum: 79204 52f55479a92095e5e410680a64c35a69\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 223178 56b4d13963a5417365ac98e7cb68f9c2\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 180234 118576ab26bd4bc6e98a32574d30aa21\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 76530 5d78eca360e0d75cb28ca38fed899d91\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 811202 72192683bea462cc1f5f672c7988d9e9\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 121554 ac350b3e945c3d6b619d07f099af37ce\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 3397796 8d200fb548f982d0752ade5d0c28f593\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 49671280 16b4ad4e4ab3f9eab9ff83baf69e098f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 11302800 b071e5b863130a778ab494c853617ca6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_ia64.deb\n Size/MD5 checksum: 542146 141726b2753b7921fed58c5ffba4c2df\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 918282 528a68827030f8761ab114e74fafc1e4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 3308002 bf1f6036812f8848332a98197b46e8ac\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 223192 2c1f794ad7ff07396a5290c0fb39885d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 97104 2bdf01e5ce9380788078e3da3dce886a\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 69950 5e7d343695b4b895020e7346daf6dad8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 51850028 8d341a8e7ef18c24778b61ae228dfcd7\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 380128 d1394d5bbc20bb7822aede419206733d\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 145388 263d12d202370293e8eb3b4c5374365d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_mips.deb\n Size/MD5 checksum: 7649668 6d6cf7e6a00da066b8e5fbdeba9d61ed\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 145050 ebdb58e0370aef9bef4ebf5f2736f4ad\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 223200 caf058f99c969d46b9a7a40f0d0e3fc8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 7375656 83fea69a0f228bdd1f346cae0e4fce83\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 3309390 02be3ae69ff0bb0e74511c90e65ee397\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 900198 c47c7a1172694e5bba824f8d8f0da98e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 49967230 1aa11add1436ac50da0e7098b7858fcf\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 96810 d1d70a9ac6cd40722fd448822bb41d42\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 69892 1b8c2bd977102cfa5e84e227fbb95324\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_mipsel.deb\n Size/MD5 checksum: 378640 18bf07b633c1eaa5a6766e0043491e1d\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 223186 a98c3d606008370b58426e68aa1d74eb\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 73036 420365b25bd6586f30ad15a532b7f711\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 3283746 eb8cd1cc29aad06c45f912b39dd1d35c\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 7276356 1ff0a306c07d06af8692c569e65e4370\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 887834 00ddf03b5858a38abb4c1268e14b8deb\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 362562 403794ddb64118af431bae437aa83f55\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 94824 68a744cc480c2bb91e5fccd0bbe2b8f7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 51392064 99becd6b3e9926f6b9ad06d35273bb96\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_powerpc.deb\n Size/MD5 checksum: 152322 5496044d62fc184a0207d8a1f7b16528\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 105586 a049e14abd47bd52222d230d0ab5a779\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 406744 93ef047be735be315259b074218e86d7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 8389742 4eb282c84e3c7e9f152e4039517d1937\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 223184 7286a158dab58e76054ed3af5ec04a09\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 909268 db230812204f07871e429bd7905ec502\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 72922 3c5bedcaba5e9ea016983a0f00f54f7c\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 156154 3b6f6e83b5019f2b85ede8d18e7bb108\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 3306442 8c65f811bc4738b29e2b380e278cacc4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_s390.deb\n Size/MD5 checksum: 51168676 4707184c455836b99d06075a06776866\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 88242 41d0bc936d44d0ae634785b40612c795\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 143282 658b3bbe4a734b9b1b17d7427d61baec\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 49355150 e2f70f19c1e526dc0bd2b324d25476e8\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 350094 0dcf1d199dabaa5207adfd370f391592\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 3577426 9c84a634aacd4ec64592ca24f5bec695\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 223282 4ca30dc0fc7989ee4045df25fa3df454\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 7175610 7ed182660d5e25fd16ffd5e65e3af587\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 821316 6fc3418c8abe57536e00b579970efaf9\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_sparc.deb\n Size/MD5 checksum: 69406 9a525e6314a592841214dc2c77186c8c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-12-16T21:16:12", "published": "2009-12-16T21:16:12", "id": "DEBIAN:DSA-1956-1:B3844", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00280.html", "title": "[SECURITY] [DSA 1956-1] New xulrunner packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. ", "modified": "2009-12-18T04:36:12", "published": "2009-12-18T04:36:12", "id": "FEDORA:81D0728EDC8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: seamonkey-2.0.1-1.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:4FD0428EDCB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: perl-Gtk2-MozEmbed-0.08-6.fc11.8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "Ruby/GNOME2 is a Ruby binding of libgnome/libgnomeui-2.x. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:4F9D328EDCA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: ruby-gnome2-0.19.3-5.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "XULRunner provides the XUL Runtime environment for Gecko applications. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:997FA28EDDE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: xulrunner-1.9.1.6-1.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application. Epiphany is extensible through a plugin system. Existing plugins can be found in the epiphany-extensions package. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:17B2B28EDDC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: epiphany-2.26.3-7.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great peopl e. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then r ead and display them. The extracted files could be found in $HOME/.chmsee/books helf directory. You can clean those files at any time and there is a special con fig option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:5FF9E28EDD6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: chmsee-1.0.1-14.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:8040D28EDCF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: Miro-2.5.2-7.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "This is mozvoikko, an extension for Mozilla programs for using the Finnish spell-checker Voikko. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:610F128EDCD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: mozvoikko-0.9.7-0.10.rc1.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "modified": "2009-12-18T04:38:06", "published": "2009-12-18T04:38:06", "id": "FEDORA:2B22428EDD5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: gnome-web-photo-0.9-4.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986"], "description": "An easy-to-use telnet client mainly targets BBS users. PCMan X is a newly developed GPL'd version of PCMan, a full-featured famous BBS client formerly designed for MS Windows only. It aimed to be an easy-to-use yet full-featured telnet client facilitating BBS browsing with the ability to process double-byte characters. ", "modified": "2009-12-18T04:32:41", "published": "2009-12-18T04:32:41", "id": "FEDORA:E730828EDDA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pcmanx-gtk2-0.3.8-11.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
