ID OPENVAS:1361412562310800379 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2018-12-03T00:00:00
Description
The host is installed with Mozilla Firefox browser and is prone
to XSL File Parsing Vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 12629 2018-12-03 15:19:43Z cfischer $
#
# Firefox XSL Parsing Vulnerability (Windows)
#
# Authors:
# Sharath S <sharaths@secpod.com>
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.800379");
script_version("$Revision: 12629 $");
script_tag(name:"last_modification", value:"$Date: 2018-12-03 16:19:43 +0100 (Mon, 03 Dec 2018) $");
script_tag(name:"creation_date", value:"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2009-1169");
script_bugtraq_id(34235);
script_name("Firefox XSL Parsing Vulnerability (Windows)");
script_xref(name:"URL", value:"http://secunia.com/advisories/34471");
script_xref(name:"URL", value:"http://www.milw0rm.com/exploits/8285");
script_xref(name:"URL", value:"http://securitytracker.com/alerts/2009/Mar/1021941.html");
script_xref(name:"URL", value:"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Denial of Service");
script_dependencies("gb_firefox_detect_portable_win.nasl");
script_mandatory_keys("Firefox/Win/Ver");
script_tag(name:"impact", value:"Successful exploitation will let the attacker cause remote code execution
through a specially crafted malicious XSL file or can cause application termination at runtime.");
script_tag(name:"affected", value:"Firefox version 3.0 to 3.0.7 on Windows.");
script_tag(name:"insight", value:"This flaw is due to improper handling of errors encountered when transforming
an XML document which can be exploited to cause memory corrpution through a specially crafted XSLT code.");
script_tag(name:"solution", value:"Upgrade to Firefox version 3.0.8.");
script_tag(name:"summary", value:"The host is installed with Mozilla Firefox browser and is prone
to XSL File Parsing Vulnerability.");
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
ffVer = get_kb_item("Firefox/Win/Ver");
if(!ffVer){
exit(0);
}
if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.0.7")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
{"id": "OPENVAS:1361412562310800379", "bulletinFamily": "scanner", "title": "Firefox XSL Parsing Vulnerability (Windows)", "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "published": "2009-04-08T00:00:00", "modified": "2018-12-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800379", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", "http://securitytracker.com/alerts/2009/Mar/1021941.html", "http://secunia.com/advisories/34471", "http://www.milw0rm.com/exploits/8285"], "cvelist": ["CVE-2009-1169"], "type": "openvas", "lastseen": "2019-05-29T18:40:15", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-1169"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "47da03925e1d5fb614f76c420e831f47293cb63732373453b9dfff5cdf9cfd7f", "hashmap": [{"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "5d874e93f9cd8f114c2faddd03835bb7", "key": "sourceData"}, {"hash": "9eadcbf57fb10f768f5a4387decf9967", "key": "modified"}, {"hash": "95d8f5c057366fe2b7971ab1e180e3fa", "key": "cvelist"}, {"hash": "15fa3ee607cd450142f8bfb9b557cac7", "key": "title"}, {"hash": "43b5550fd20da42069af96c55f849034", "key": "href"}, {"hash": "b7e844243a0b30893b9118e3563e6521", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "003bae46353e255645499f61bb3f06f2", "key": "published"}, {"hash": "45142284e09012c5c8d49944b0640a80", "key": "description"}, {"hash": "8e2bea13af844006d6c9a239684ef5d2", "key": "pluginID"}, {"hash": "99689e745caa06d0ec9a32963671dcd6", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800379", "id": "OPENVAS:1361412562310800379", "lastseen": "2018-05-23T14:52:18", "modified": "2018-05-18T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800379", "published": "2009-04-08T00:00:00", "references": ["http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", "http://securitytracker.com/alerts/2009/Mar/1021941.html", "http://secunia.com/advisories/34471", "http://www.milw0rm.com/exploits/8285"], "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 9912 2018-05-18 13:54:07Z cfischer $\n#\n# Firefox XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800379\");\n script_version(\"$Revision: 9912 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-18 15:54:07 +0200 (Fri, 18 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: System/Application\");\n script_tag(name : \"affected\" , value : \"Firefox version 3.0 to 3.0.7 on Windows.\");\n script_tag(name : \"insight\" , value : \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a\n specially crafted XSLT code.\");\n script_tag(name : \"solution\" , value : \"Upgrade to Firefox version 3.0.8\n http://www.mozilla.com/en-US/firefox/firefox.html\");\n script_tag(name : \"summary\" , value : \"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message(0);\n}\n", "title": "Firefox XSL Parsing Vulnerability (Windows)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-05-23T14:52:18"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-1169"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "edition": 5, "enchantments": {"dependencies": {"modified": "2018-12-04T13:43:35", "references": [{"idList": ["SECURITYVULNS:VULN:9712", "SECURITYVULNS:DOC:21546"], "type": "securityvulns"}, {"idList": ["DEBIAN_DSA-1756.NASL", "ORACLELINUX_ELSA-2009-0398.NASL", "REDHAT-RHSA-2009-0398.NASL", "FEDORA_2009-3099.NASL", "SUSE_11_0_MOZILLAFIREFOX-090407.NASL", "MANDRIVA_MDVSA-2009-084.NASL", "UBUNTU_USN-745-1.NASL", "SUSE_11_1_MOZILLAFIREFOX-090407.NASL", "CENTOS_RHSA-2009-0397.NASL", "REDHAT-RHSA-2009-0397.NASL"], "type": "nessus"}, {"idList": ["CVE-2009-1169"], "type": "cve"}, {"idList": ["CESA-2009:0398-01", "CESA-2009:0398", "CESA-2009:0397"], "type": "centos"}, {"idList": ["OPENVAS:136141256231065643", "OPENVAS:800380", "OPENVAS:1361412562310800380", "OPENVAS:800378", "OPENVAS:880792", "OPENVAS:136141256231063722", "OPENVAS:800379", "OPENVAS:800377", "OPENVAS:1361412562310800378", "OPENVAS:1361412562310800377"], "type": "openvas"}, {"idList": ["RHSA-2009:0397", "RHSA-2009:0398"], "type": "redhat"}, {"idList": ["EDB-ID:8285"], "type": "exploitdb"}, {"idList": ["DEBIAN:DSA-1756-1:9438A"], "type": "debian"}, {"idList": ["ELSA-2009-0397", "ELSA-2009-0398"], "type": "oraclelinux"}, {"idList": ["SSV:4973"], "type": "seebug"}, {"idList": ["USN-745-1"], "type": "ubuntu"}, {"idList": ["GLSA-201301-01"], "type": "gentoo"}, {"idList": ["SUSE-SA:2009:022", "SUSE-SA:2009:023"], "type": "suse"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "hash": "7861515d4199264ee9cee70d0b87fad7cc05144b4f5b0f4a395183ddccfc6119", "hashmap": [{"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "95d8f5c057366fe2b7971ab1e180e3fa", "key": "cvelist"}, {"hash": "15fa3ee607cd450142f8bfb9b557cac7", "key": "title"}, {"hash": "43b5550fd20da42069af96c55f849034", "key": "href"}, {"hash": "b7e844243a0b30893b9118e3563e6521", "key": "reporter"}, {"hash": "34823aeeb891b13b760dddf0727b0576", "key": "modified"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "003bae46353e255645499f61bb3f06f2", "key": "published"}, {"hash": "45142284e09012c5c8d49944b0640a80", "key": "description"}, {"hash": "8e2bea13af844006d6c9a239684ef5d2", "key": "pluginID"}, {"hash": "33db67a77ed4ab89a54d7c05b1381187", "key": "sourceData"}, {"hash": "99689e745caa06d0ec9a32963671dcd6", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800379", "id": "OPENVAS:1361412562310800379", "lastseen": "2018-12-04T13:43:35", "modified": "2018-12-03T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800379", "published": "2009-04-08T00:00:00", "references": ["http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", "http://securitytracker.com/alerts/2009/Mar/1021941.html", "http://secunia.com/advisories/34471", "http://www.milw0rm.com/exploits/8285"], "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 12629 2018-12-03 15:19:43Z cfischer $\n#\n# Firefox XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800379\");\n script_version(\"$Revision: 12629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-03 16:19:43 +0100 (Mon, 03 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34471\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8285\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application termination at runtime.\");\n\n script_tag(name:\"affected\", value:\"Firefox version 3.0 to 3.0.7 on Windows.\");\n\n script_tag(name:\"insight\", value:\"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a specially crafted XSLT code.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.0.8.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "title": "Firefox XSL Parsing Vulnerability (Windows)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-12-04T13:43:35"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-1169"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "47da03925e1d5fb614f76c420e831f47293cb63732373453b9dfff5cdf9cfd7f", "hashmap": [{"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "5d874e93f9cd8f114c2faddd03835bb7", "key": "sourceData"}, {"hash": "9eadcbf57fb10f768f5a4387decf9967", "key": "modified"}, {"hash": "95d8f5c057366fe2b7971ab1e180e3fa", "key": "cvelist"}, {"hash": "15fa3ee607cd450142f8bfb9b557cac7", "key": "title"}, {"hash": "43b5550fd20da42069af96c55f849034", "key": "href"}, {"hash": "b7e844243a0b30893b9118e3563e6521", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "003bae46353e255645499f61bb3f06f2", "key": "published"}, {"hash": "45142284e09012c5c8d49944b0640a80", "key": "description"}, {"hash": "8e2bea13af844006d6c9a239684ef5d2", "key": "pluginID"}, {"hash": "99689e745caa06d0ec9a32963671dcd6", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800379", "id": "OPENVAS:1361412562310800379", "lastseen": "2018-09-02T00:05:41", "modified": "2018-05-18T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800379", "published": "2009-04-08T00:00:00", "references": ["http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", "http://securitytracker.com/alerts/2009/Mar/1021941.html", "http://secunia.com/advisories/34471", "http://www.milw0rm.com/exploits/8285"], "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 9912 2018-05-18 13:54:07Z cfischer $\n#\n# Firefox XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800379\");\n script_version(\"$Revision: 9912 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-18 15:54:07 +0200 (Fri, 18 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: System/Application\");\n script_tag(name : \"affected\" , value : \"Firefox version 3.0 to 3.0.7 on Windows.\");\n script_tag(name : \"insight\" , value : \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a\n specially crafted XSLT code.\");\n script_tag(name : \"solution\" , value : \"Upgrade to Firefox version 3.0.8\n http://www.mozilla.com/en-US/firefox/firefox.html\");\n script_tag(name : \"summary\" , value : \"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message(0);\n}\n", "title": "Firefox XSL Parsing Vulnerability (Windows)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:05:41"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-1169"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "fc32337acab7dcdb543a365b4cc4ea0c11a3c4ffa5065b843e1d5e8e566df63d", "hashmap": [{"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "5d874e93f9cd8f114c2faddd03835bb7", "key": "sourceData"}, {"hash": "9eadcbf57fb10f768f5a4387decf9967", "key": "modified"}, {"hash": "95d8f5c057366fe2b7971ab1e180e3fa", "key": "cvelist"}, {"hash": "15fa3ee607cd450142f8bfb9b557cac7", "key": "title"}, {"hash": "43b5550fd20da42069af96c55f849034", "key": "href"}, {"hash": "b7e844243a0b30893b9118e3563e6521", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "003bae46353e255645499f61bb3f06f2", "key": "published"}, {"hash": "45142284e09012c5c8d49944b0640a80", "key": "description"}, {"hash": "8e2bea13af844006d6c9a239684ef5d2", "key": "pluginID"}, {"hash": "99689e745caa06d0ec9a32963671dcd6", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800379", "id": "OPENVAS:1361412562310800379", "lastseen": "2018-08-30T19:28:10", "modified": "2018-05-18T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800379", "published": "2009-04-08T00:00:00", "references": ["http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", "http://securitytracker.com/alerts/2009/Mar/1021941.html", "http://secunia.com/advisories/34471", "http://www.milw0rm.com/exploits/8285"], "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 9912 2018-05-18 13:54:07Z cfischer $\n#\n# Firefox XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800379\");\n script_version(\"$Revision: 9912 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-18 15:54:07 +0200 (Fri, 18 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: System/Application\");\n script_tag(name : \"affected\" , value : \"Firefox version 3.0 to 3.0.7 on Windows.\");\n script_tag(name : \"insight\" , value : \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a\n specially crafted XSLT code.\");\n script_tag(name : \"solution\" , value : \"Upgrade to Firefox version 3.0.8\n http://www.mozilla.com/en-US/firefox/firefox.html\");\n script_tag(name : \"summary\" , value : \"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message(0);\n}\n", "title": "Firefox XSL Parsing Vulnerability (Windows)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:28:10"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-1169"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "edition": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "f4fea54e0c3d37aa5fca41270d0d8e783d556b6237c1bc6a33daa73f5ed619bb", "hashmap": [{"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "95d8f5c057366fe2b7971ab1e180e3fa", "key": "cvelist"}, {"hash": "15fa3ee607cd450142f8bfb9b557cac7", "key": "title"}, {"hash": "43b5550fd20da42069af96c55f849034", "key": "href"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "b7e844243a0b30893b9118e3563e6521", "key": "reporter"}, {"hash": "6a17ca853a48203175f82cf4ac74fa40", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "003bae46353e255645499f61bb3f06f2", "key": "published"}, {"hash": "45142284e09012c5c8d49944b0640a80", "key": "description"}, {"hash": "8e2bea13af844006d6c9a239684ef5d2", "key": "pluginID"}, {"hash": "99689e745caa06d0ec9a32963671dcd6", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800379", "id": "OPENVAS:1361412562310800379", "lastseen": "2018-04-06T11:39:47", "modified": "2018-04-06T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800379", "published": "2009-04-08T00:00:00", "references": ["http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", "http://securitytracker.com/alerts/2009/Mar/1021941.html", "http://secunia.com/advisories/34471", "http://www.milw0rm.com/exploits/8285"], "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 9350 2018-04-06 07:03:33Z cfischer $\n#\n# Firefox XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: System/Application\";\ntag_affected = \"Firefox version 3.0 to 3.0.7 on Windows.\";\ntag_insight = \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a\n specially crafted XSLT code.\";\ntag_solution = \"Upgrade to Firefox version 3.0.8\n http://www.mozilla.com/en-US/firefox/firefox.html\";\ntag_summary = \"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800379\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\n# Grep for firefox version 3.0 to 3.0.7\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message(0);\n}\n", "title": "Firefox XSL Parsing Vulnerability (Windows)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2018-04-06T11:39:47"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "95d8f5c057366fe2b7971ab1e180e3fa"}, {"key": "cvss", "hash": "d726e774add6189e33cf2ea0c61a2ba5"}, {"key": "description", "hash": "45142284e09012c5c8d49944b0640a80"}, {"key": "href", "hash": "43b5550fd20da42069af96c55f849034"}, {"key": "modified", "hash": "34823aeeb891b13b760dddf0727b0576"}, {"key": "naslFamily", "hash": "711d051a7c0db70ca108b804aa5319ac"}, {"key": "pluginID", "hash": "8e2bea13af844006d6c9a239684ef5d2"}, {"key": "published", "hash": "003bae46353e255645499f61bb3f06f2"}, {"key": "references", "hash": "99689e745caa06d0ec9a32963671dcd6"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "sourceData", "hash": "33db67a77ed4ab89a54d7c05b1381187"}, {"key": "title", "hash": "15fa3ee607cd450142f8bfb9b557cac7"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "fc596f61f2bb13eed3537f4ff0973d25b37a7895ecae9ba69d4ab04c2fffb5f9", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1169"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21546", "SECURITYVULNS:VULN:9712"]}, {"type": "openvas", "idList": ["OPENVAS:800377", "OPENVAS:800380", "OPENVAS:1361412562310800377", "OPENVAS:1361412562310800380", "OPENVAS:1361412562310800378", "OPENVAS:800378", "OPENVAS:800379", "OPENVAS:1361412562310880733", "OPENVAS:63710", "OPENVAS:880930"]}, {"type": "exploitdb", "idList": ["EDB-ID:8285"]}, {"type": "seebug", "idList": ["SSV:4973"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2009-0398.NASL", "REDHAT-RHSA-2009-0397.NASL", "ORACLELINUX_ELSA-2009-0398.NASL", "MANDRIVA_MDVSA-2009-084.NASL", "FEDORA_2009-3100.NASL", "SUSE_11_0_MOZILLAFIREFOX-090407.NASL", "CENTOS_RHSA-2009-0397.NASL", "SUSE_11_1_MOZILLAFIREFOX-090407.NASL", "MOZILLA_FIREFOX_308.NASL", "CENTOS_RHSA-2009-0398.NASL"]}, {"type": "centos", "idList": ["CESA-2009:0398-01", "CESA-2009:0397", "CESA-2009:0398"]}, {"type": "redhat", "idList": ["RHSA-2009:0398", "RHSA-2009:0397"]}, {"type": "suse", "idList": ["SUSE-SA:2009:022", "SUSE-SA:2009:023"]}, {"type": "ubuntu", "idList": ["USN-745-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0398", "ELSA-2009-0397"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1756-1:9438A"]}, {"type": "gentoo", "idList": ["GLSA-201301-01"]}], "modified": "2019-05-29T18:40:15"}, "score": {"value": 7.5, "vector": "NONE", "modified": "2019-05-29T18:40:15"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 12629 2018-12-03 15:19:43Z cfischer $\n#\n# Firefox XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800379\");\n script_version(\"$Revision: 12629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-03 16:19:43 +0100 (Mon, 03 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34471\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8285\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application termination at runtime.\");\n\n script_tag(name:\"affected\", value:\"Firefox version 3.0 to 3.0.7 on Windows.\");\n\n script_tag(name:\"insight\", value:\"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a specially crafted XSLT code.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.0.8.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "naslFamily": "Denial of Service", "pluginID": "1361412562310800379", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:09:58", "bulletinFamily": "NVD", "description": "The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.\nPer: http://www.securityfocus.com/bid/34235/info\r\n\r\nMozilla Firefox is prone to a remote memory-corruption vulnerability.\r\n\r\nAn attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempt will result in a denial-of-service condition.", "modified": "2017-09-29T01:34:00", "id": "CVE-2009-1169", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1169", "published": "2009-03-27T00:30:00", "title": "CVE-2009-1169", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:14:21", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "modified": "2016-12-28T00:00:00", "published": "2009-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800377", "id": "OPENVAS:800377", "title": "Firefox XSL Parsing Vulnerability (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_lin.nasl 4865 2016-12-28 16:16:43Z teissa $\n#\n# Firefox XSL Parsing Vulnerability (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: System/Application\";\ntag_affected = \"Firefox version 3.0 to 3.0.7 on Linux.\";\ntag_insight = \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a\n specially crafted XSLT code.\";\ntag_solution = \"Upgrade to Firefox version 3.0.8\n http://www.mozilla.com/en-US/firefox/firefox.html\";\ntag_summary = \"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\";\n\nif(description)\n{\n script_id(800377);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_lin.nasl\");\n script_require_keys(\"Firefox/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Linux/Ver\");\nif(!ffVer){\n exit(0);\n}\n\n# Grep for firefox version 3.0 to 3.0.7\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:15", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.", "modified": "2016-12-29T00:00:00", "published": "2009-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800380", "id": "OPENVAS:800380", "title": "Mozilla Seamonkey XSL Parsing Vulnerability (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_seamonkey_xsl_parsing_vuln_win.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# Mozilla Seamonkey XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: Application\";\ntag_affected = \"Mozilla Seamonkey version 1.0 to 1.1.15 on Windows.\";\ntag_insight = \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corruption through a\n specially crafted XSLT code.\";\ntag_solution = \"Upgrade to Seamonkey version 1.1.16 or later.\n http://www.seamonkey-project.org/releases\";\ntag_summary = \"The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.\";\n\nif(description)\n{\n script_id(800380);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Mozilla Seamonkey XSL Parsing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_require_keys(\"Seamonkey/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(!smVer){\n exit(0);\n}\n\n# Grep for Mozilla Seamonkey version 1.0 to 1.1.15\nif(version_in_range(version:smVer, test_version:\"1.0\",\n test_version2:\"1.1.15\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:25", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "modified": "2019-04-29T00:00:00", "published": "2009-04-08T00:00:00", "id": "OPENVAS:1361412562310800377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800377", "title": "Firefox XSL Parsing Vulnerability (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Firefox XSL Parsing Vulnerability (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800377\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34471\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8285\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_lin.nasl\");\n script_mandatory_keys(\"Firefox/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\");\n script_tag(name:\"affected\", value:\"Firefox version 3.0 to 3.0.7 on Linux.\");\n script_tag(name:\"insight\", value:\"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a\n specially crafted XSLT code.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.0.8.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Linux/Ver\");\nif(!ffVer)\n exit(0);\n\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:17", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.", "modified": "2019-04-29T00:00:00", "published": "2009-04-08T00:00:00", "id": "OPENVAS:1361412562310800378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800378", "title": "Mozilla Seamonkey XSL Parsing Vulnerability (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Seamonkey XSL Parsing Vulnerability (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800378\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Mozilla Seamonkey XSL Parsing Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34471\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8285\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_seamonkey_detect_lin.nasl\");\n script_mandatory_keys(\"Seamonkey/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\");\n script_tag(name:\"affected\", value:\"Mozilla Seamonkey version 1.0 to 1.1.15 on Linux.\");\n script_tag(name:\"insight\", value:\"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corruption through a\n specially crafted XSLT code.\");\n script_tag(name:\"solution\", value:\"Upgrade to Seamonkey version 1.1.16 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Linux/Ver\");\nif(!smVer)\n exit(0);\n\nif(version_in_range(version:smVer, test_version:\"1.0\",\n test_version2:\"1.1.15\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:14:11", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.", "modified": "2016-12-28T00:00:00", "published": "2009-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800379", "id": "OPENVAS:800379", "title": "Firefox XSL Parsing Vulnerability (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_xsl_parsing_vuln_win.nasl 4865 2016-12-28 16:16:43Z teissa $\n#\n# Firefox XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: System/Application\";\ntag_affected = \"Firefox version 3.0 to 3.0.7 on Windows.\";\ntag_insight = \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corrpution through a\n specially crafted XSLT code.\";\ntag_solution = \"Upgrade to Firefox version 3.0.8\n http://www.mozilla.com/en-US/firefox/firefox.html\";\ntag_summary = \"The host is installed with Mozilla Firefox browser and is prone\n to XSL File Parsing Vulnerability.\";\n\nif(description)\n{\n script_id(800379);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Firefox XSL Parsing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\n# Grep for firefox version 3.0 to 3.0.7\nif(version_in_range(version:ffVer, test_version:\"3.0\", test_version2:\"3.0.7\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:18", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.", "modified": "2016-12-29T00:00:00", "published": "2009-04-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800378", "id": "OPENVAS:800378", "title": "Mozilla Seamonkey XSL Parsing Vulnerability (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_seamonkey_xsl_parsing_vuln_lin.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# Mozilla Seamonkey XSL Parsing Vulnerability (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\n Impact Level: Application\";\ntag_affected = \"Mozilla Seamonkey version 1.0 to 1.1.15 on Linux.\";\ntag_insight = \"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corruption through a\n specially crafted XSLT code.\";\ntag_solution = \"Upgrade to Seamonkey version 1.1.16 or later.\n http://www.seamonkey-project.org/releases\";\ntag_summary = \"The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.\";\n\nif(description)\n{\n script_id(800378);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Mozilla Seamonkey XSL Parsing Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34471\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8285\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_seamonkey_detect_lin.nasl\");\n script_require_keys(\"Seamonkey/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Linux/Ver\");\nif(!smVer){\n exit(0);\n}\n\n# Grep for Seamonkey version 1.0 to 1.1.15\nif(version_in_range(version:smVer, test_version:\"1.0\",\n test_version2:\"1.1.15\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:20", "bulletinFamily": "scanner", "description": "The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.", "modified": "2019-04-29T00:00:00", "published": "2009-04-08T00:00:00", "id": "OPENVAS:1361412562310800380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800380", "title": "Mozilla Seamonkey XSL Parsing Vulnerability (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Seamonkey XSL Parsing Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800380\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-08 08:04:29 +0200 (Wed, 08 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1169\");\n script_bugtraq_id(34235);\n script_name(\"Mozilla Seamonkey XSL Parsing Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34471\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8285\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2009/Mar/1021941.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause remote code execution\n through a specially crafted malicious XSL file or can cause application\n termination at runtime.\");\n script_tag(name:\"affected\", value:\"Mozilla Seamonkey version 1.0 to 1.1.15 on Windows.\");\n script_tag(name:\"insight\", value:\"This flaw is due to improper handling of errors encountered when transforming\n an XML document which can be exploited to cause memory corruption through a\n specially crafted XSLT code.\");\n script_tag(name:\"solution\", value:\"Upgrade to Seamonkey version 1.1.16 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Seamnkey and is prone to XSL\n File Parsing Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(!smVer)\n exit(0);\n\nif(version_in_range(version:smVer, test_version:\"1.0\",\n test_version2:\"1.1.15\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:39:57", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065643", "id": "OPENVAS:136141256231065643", "title": "SLES11: Security update for MozillaFirefox", "type": "openvas", "sourceData": "#\n#VID 272bd7f6089e8316b21585826776f472\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for MozillaFirefox\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n MozillaFirefox\n MozillaFirefox-translations\n mozilla-xulrunner190\n mozilla-xulrunner190-gnomevfs\n mozilla-xulrunner190-translations\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=488955\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65643\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for MozillaFirefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.8~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.8~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.8~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.8~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.8~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-3099.", "modified": "2017-07-10T00:00:00", "published": "2009-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63721", "id": "OPENVAS:63721", "title": "Fedora Core 9 FEDORA-2009-3099 (firefox)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3099.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3099 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. A memory corruption flaw was\ndiscovered in the way Firefox handles XML files containing an XSLT transform. A\nremote attacker could use this flaw to crash Firefox or, potentially, execute\narbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was\ndiscovered in the way Firefox handles certain XUL garbage collection events. A\nremote attacker could use this flaw to crash Firefox or, potentially, execute\narbitrary code as the user running Firefox. (CVE-2009-1044)\n\nThis update also provides depending packages rebuilt against new Firefox\nversion. Miro updates to upstream 2.0.3. Provides new features and\nfixes various bugs in 1.2.x series\n\nChangeLog:\n\n* Fri Mar 27 2009 Christopher Aillon - 3.0.8-1\n- Update to 3.0.8\n* Wed Mar 4 2009 Jan Horak - 3.0.7-1\n- Update to 3.0.7\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update firefox' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3099\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-3099.\";\n\n\n\nif(description)\n{\n script_id(63721);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1169\", \"CVE-2009-1044\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-3099 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.0.8~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.0.8~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-745-1.", "modified": "2017-12-01T00:00:00", "published": "2009-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63749", "id": "OPENVAS:63749", "title": "Ubuntu USN-745-1 (xulrunner-1.9)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_745_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_745_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-745-1 (xulrunner-1.9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n firefox 1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\n\nUbuntu 7.10:\n firefox 2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1\n\nUbuntu 8.04 LTS:\n firefox-3.0 3.0.8+nobinonly-0ubuntu0.8.04.2\n xulrunner-1.9 1.9.0.8+nobinonly-0ubuntu0.8.04.1\n\nUbuntu 8.10:\n abrowser 3.0.8+nobinonly-0ubuntu0.8.10.2\n firefox-3.0 3.0.8+nobinonly-0ubuntu0.8.10.2\n xulrunner-1.9 1.9.0.8+nobinonly-0ubuntu0.8.10.1\n\nAfter a standard system upgrade you need to restart Firefox and any\napplications that use xulrunner, such as Epiphany, to effect the necessary\nchanges.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-745-1\";\n\ntag_insight = \"It was discovered that Firefox did not properly perform XUL garbage\ncollection. If a user were tricked into viewing a malicious website, a\nremote attacker could cause a denial of service or execute arbitrary code\nwith the privileges of the user invoking the program. This issue only\naffected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044)\n\nA flaw was discovered in the way Firefox performed XSLT transformations.\nIf a user were tricked into opening a crafted XSL stylesheet, an attacker\ncould cause a denial of service or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2009-1169)\";\ntag_summary = \"The remote host is missing an update to xulrunner-1.9\nannounced via advisory USN-745-1.\";\n\n \n\n\nif(description)\n{\n script_id(63749);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-745-1 (xulrunner-1.9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-745-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.8+nobinonly-0ubuntu0.8.04.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-venkman\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-granparadiso\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-dom-inspector\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk-venkman\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-trunk\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dom-inspector\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-venkman\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abrowser-3.0-branding\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-branding\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-dev\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0-gnome-support\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-3.0\", ver:\"3.0.8+nobinonly-0ubuntu0.8.10.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-dev\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9-gnome-support\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-1.9\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"1.9.0.8+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "description": "Mozilla Foundation Security Advisory 2009-12\r\n\r\nTitle: XSL Transformation vulnerability\r\nImpact: Critical\r\nAnnounced: March 27, 2009\r\nReporter: Guido Landi, Andre, Michael Rooney, Martin\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 3.0.8\r\n SeaMonkey 1.1.16\r\nDescription\r\n\r\nSecurity researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer.\r\n\r\nThis vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=485217\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=460090\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=485286\r\n * CVE-2009-1169\r\n", "modified": "2009-04-01T00:00:00", "published": "2009-04-01T00:00:00", "id": "SECURITYVULNS:DOC:21546", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21546", "title": "Mozilla Foundation Security Advisory 2009-12", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "description": "Crossite XML access, multiple memory corruptions.", "modified": "2009-04-01T00:00:00", "published": "2009-04-01T00:00:00", "id": "SECURITYVULNS:VULN:9712", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9712", "title": "Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:55:26", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 34235\r\nCVE(CAN) ID: CVE-2009-1169\r\n\r\nFirefox\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nFirefox\u5728\u8f6c\u6362XML\u6587\u6863\u65f6\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406\u51fa\u9519\u60c5\u51b5\uff0c\u7279\u5236\u7684XSLT\u4ee3\u7801\u53ef\u80fd\u5bfc\u81f4\u5c06\u4e34\u65f6\u7684\u88ab\u7834\u574f\u6808\u53d8\u91cf\u5904\u7406\u4e3a\u8bc4\u4f30\u4e0a\u4e0b\u6587\u5bf9\u8c61\u3002\u6f0f\u6d1e\u7684\u8d77\u56e0\u662f evalContext\u662f\u6808\u5206\u914d\u7684\uff0c\u4f46\u5728\u5931\u8d25\u7684\u60c5\u51b5\u4e0b\u4ecd\u88abtxExecutionState\u5bf9\u8c61\u5f15\u7528\uff0c\u8be5\u5bf9\u8c61\u7684\u91ca\u653e\u5668\u4e4b\u540e\u53c8\u8bd5\u56fe\u5220\u9664 evalContext\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7684\u653b\u51fb\u8005\u53ef\u80fd\u5bfc\u81f4\u6d4f\u89c8\u5668\u5d29\u6e83\u6216\u5728\u7528\u6237\u673a\u5668\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nMozilla Firefox < 3.0.8\r\nMozilla SeaMonkey < 1.1.16\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1756-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1756-1\uff1aNew xulrunner packages fix multiple vulnerabilities\r\n\u94fe\u63a5\uff1a<a href=http://www.debian.org/security/2009/dsa-1756 target=_blank rel=external nofollow>http://www.debian.org/security/2009/dsa-1756</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc</a>\r\nSize/MD5 checksum: 1777 be107e8cce28d09395d6c2b0e2880e0b\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz</a>\r\nSize/MD5 checksum: 43683292 f49b66c10e021debdfd9cd3705847d9b\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz</a>\r\nSize/MD5 checksum: 115665 4886b961a24c13d9017e8f261b7a4ad4\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb</a>\r\nSize/MD5 checksum: 1480030 c12b4d6d534c0f12ec8e19760ca52a9b\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 69048 cbcfc3f9addacdd2a6641980876910f1\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 7725982 c5075bc0634cb5b2cfc8b64649f9511e\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 3587626 1ce3de601c764c9bfb0c3998566f2baa\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 887434 d373f8ed294bc6184a188bc820e04d6b\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 220394 8ac87390e12115281d335b8773fb5733\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 152152 76761d21f53d017af1ff349e528664ea\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 372048 ba88e43241ab33621169f2e352bdf634\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 50084206 d44a3028e5049f2b8051a5f6ed632fe6\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb</a>\r\nSize/MD5 checksum: 100434 d20e7c595e15ca0831d62d13d19c9d25\r\n\r\narm architecture (ARM)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 814182 2fe30b4c614a8dad20d6daa5e8156193\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 83324 b2b5e1e0850ceb17bf60471435a751f8\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 6786494 017302b5a56bdd55d3d1ffe18bd61832\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 49032638 2343b97ac1a895a00c65d7c7d4854bf3\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 67078 5891e17e7a7abe4b9b3ff3b06d1c5bf8\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 348306 7cacc5c36e3139afa7e93cce23e55bdc\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 141074 ddfcdb101f24b626caede43f36667ebb\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 222552 099c35e0a9fc845e12d97e05dc5cefbe\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb</a>\r\nSize/MD5 checksum: 3577622 a45883aa5a860e9ceaccd1507b1e2b4d\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 106132 b21e7b60ef507b75d4e75cecf01507b4\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 409632 8ad83b2450a8224287708d08fb0e3349\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 222406 cc644de6ffb2987c4d3290760d851c3f\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 50959494 30e6201361ab450cce9c1ae5767b7d00\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 900224 98b504ea16f93598810cff8dd753c7cc\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 3625060 bb06476c2dfef959c573a67f910f500a\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 71008 d61063712c37cfde51b3944f1dbd311f\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 157864 c9b9587d5b0582b35a1ccff76445f13f\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb</a>\r\nSize/MD5 checksum: 9487824 ebcb840996d1d69d6836e6d1aec2f81d\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 6581370 480961b3e126e36c1d4087df2c2fb6d9\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 141498 729642753ad2a51d17983b3583f740b6\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 3572938 f0bf3224b2c681417ba6dd8dcac5f96d\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 846308 06e3b0690f2f3a868375f4d58a7b8614\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 348812 acc2f219abb68286432720315861ed53\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 82002 77b4ffe73322bf5ead4bc24ee3fc76d2\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 222556 85fee1ce9133cb7ab9ce99f62b70e447\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 67810 0eb6b02984351fa3bf02640d7ff1d4e6\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb</a>\r\nSize/MD5 checksum: 49248242 64fb21f6c3a2411743222fc26e304b76\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 49419026 7cb040fbbef113cd5c8a1c5c443df6fd\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 179458 82249a7cb150fce22af5f5681d3164fe\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 11270206 be3c0b80f22210fa2a53236cbde9ceb9\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 538492 e75c766e0666c1604805f8c4c97cc256\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 75446 94f2c55150101f7a5811c9429364bd1b\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 222198 62ba8960b8326d21523dc7c76cc1f9d8\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 808982 3038817adea449b7715164cad73a5f16\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 3391518 26decf00e4fb05e3dbfc61c9dd933f5b\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb</a>\r\nSize/MD5 checksum: 120932 e3af6d0b86f8d21a9fbb43986a5c79b3\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 914808 749779b5620ceffb2845ac170699a866\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 221900 63c93f91cf4ee34e307bd06c5675c460\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 377372 1c527a4b63e3eb729124f54764261310\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 51596012 c6b8d6fed635039a75e553a59164b0de\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 7652050 4464324acfeaf2019722f4bddc980a64\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 144160 3217dab8582a83c2e8db5ed0a2894c9a\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 69328 7d17be8a925e42469ce3d46009eb0437\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 3607854 683f1204c14aa14f72927e2babf2afc2\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb</a>\r\nSize/MD5 checksum: 96506 95148e457d3a554935ae2771553378d8\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 896502 7293da4f42af7c5faadaff3d00e024ad\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 222202 8ab7c65e1b6e67481b885951bf7b06ee\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 96170 02b28ff5c4af5b3c5ab241e6ada57895\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 144424 34f4f9236099f217f309dd3404cd32fc\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 375064 c324513cb22e6bf942308fec5d6ffc44\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 3303026 c9f09e3ac15cea9522e16d7606832417\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 7359744 20955f26918492c6060f5196608cecca\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 68948 e564d5ad298fa7f2eb43c3d142421b23\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb</a>\r\nSize/MD5 checksum: 49718170 f305c87d9f9f0a4bb25c782fbca0e553\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 51145940 d4450ede3188d085537b34912a130fc8\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 222214 a193661cfee9a9baf937e51fa8927852\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 7259520 7a5a2eb42cf43a3859c886f6604e7bb0\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 94176 0f27b080d4ef6e907e97926d9bde09d8\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 151634 eb3b55bb033dd21e3a395b5455fed3a3\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 72114 856bcc9a079008a00f502c037f7e075b\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 3278706 141fbb356a9b0ee7ddee52b32b250021\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 359602 e678dd18f6fac0aad286a5d455e6d84f\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb</a>\r\nSize/MD5 checksum: 885062 6682354b8d0e8f25e6897bcfee801579\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 50926930 5066e277c6bb2f1435cd92ba4c09dc8f\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 222190 c62253da00b92ab339f524ef6d525767\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 404064 4f0c71caf3242ca9f1878ac6df71b414\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 104972 ecefd67cf04623d0bd9deb66645ece52\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 155536 33869ff68336fde0594bb45661f85c03\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 3300930 9cf7bde0ab1e0c507566a88fd2a6562f\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 906248 a03086436351f5085905acd1d4084f40\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 8371150 b731e930186033123c928eeb52c186ba\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb</a>\r\nSize/MD5 checksum: 71936 426ddd3166525fdf235448bddcba413b\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 68258 8c14ad467b7a590f0262ad0636b7a90b\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 87020 d7241f5f6ae1a92e9bfe819955c42b88\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 3571244 a50b84de8fe3f268e33882b5b325945d\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 817342 554bd07b8f90071d36ac57c01c24b6a9\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 220812 1edcd284a1520e8fdfdf68f015dd2211\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 7152698 d33c5b929d5d98a02f0ce021b5bb1531\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 346378 e617288c62da4165ed5230adbc9d7890\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 141340 606be0ab05095515bbb3070d7543e1ca\r\n<a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb</a>\r\nSize/MD5 checksum: 49112986 1c799dc5e9059379adadf2380bf5d0e2\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.mozilla.org/ target=_blank rel=external nofollow>http://www.mozilla.org/</a>\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:0397-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:0397-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2009-0397.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-0397.html</a>", "modified": "2009-04-01T00:00:00", "published": "2009-04-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4973", "id": "SSV:4973", "title": "Firefox XSL\u89e3\u6790root XML\u6807\u7b7e\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n http://sebug.net/exploit/6050/\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-4973"}], "exploitdb": [{"lastseen": "2016-02-01T05:10:06", "bulletinFamily": "exploit", "description": "Mozilla Firefox XSL Parsing Remote Memory Corruption PoC 0day. CVE-2009-1169. Dos exploits for multiple platform", "modified": "2009-03-25T00:00:00", "published": "2009-03-25T00:00:00", "id": "EDB-ID:8285", "href": "https://www.exploit-db.com/exploits/8285/", "type": "exploitdb", "title": "Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC 0day", "sourceData": "// firefox XSL parsing remote memory corruption poc\r\n\r\n// k`sOSe - works both in windows and linux\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/8285.tar.gz (2009-ffox-poc.tar.gz)\r\n\r\n# milw0rm.com [2009-03-25]\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/8285/"}], "centos": [{"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0398-01\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles XML\nfiles containing an XSLT transform. A remote attacker could use this flaw\nto crash SeaMonkey or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash SeaMonkey\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/015710.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2009-03-30T23:53:22", "published": "2009-03-30T23:53:22", "href": "http://lists.centos.org/pipermail/centos-announce/2009-March/015710.html", "id": "CESA-2009:0398-01", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0397\n\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA memory corruption flaw was discovered in the way Firefox handles XML\nfiles containing an XSLT transform. A remote attacker could use this flaw\nto crash Firefox or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2009-1169)\n\nA flaw was discovered in the way Firefox handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash Firefox\nor, potentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1044)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories. You can find a link to the Mozilla advisories in the References\nsection of this errata.\n\nFirefox users should upgrade to these updated packages, which resolve these\nissues. For Red Hat Enterprise Linux 4, they contain backported patches to\nthe firefox package. For Red Hat Enterprise Linux 5, they contain\nbackported patches to the xulrunner packages. After installing the update,\nFirefox must be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015756.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015757.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015820.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015821.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0397.html", "modified": "2009-04-21T10:09:59", "published": "2009-04-09T18:48:16", "href": "http://lists.centos.org/pipermail/centos-announce/2009-April/015756.html", "id": "CESA-2009:0397", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0398\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles XML\nfiles containing an XSLT transform. A remote attacker could use this flaw\nto crash SeaMonkey or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash SeaMonkey\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/015706.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/015707.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/015708.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/015709.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0398.html", "modified": "2009-03-29T09:03:21", "published": "2009-03-28T15:45:12", "href": "http://lists.centos.org/pipermail/centos-announce/2009-March/015706.html", "id": "CESA-2009:0398", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:11:48", "bulletinFamily": "scanner", "description": "A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2009-3100.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37824", "published": "2009-04-23T00:00:00", "title": "Fedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3100.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37824);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_bugtraq_id(34181, 34235);\n script_xref(name:\"FEDORA\", value:\"2009-3100\");\n\n script_name(english:\"Fedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory corruption flaw was discovered in the way Firefox handles XML\nfiles containing an XSLT transform. A remote attacker could use this\nflaw to crash Firefox or, potentially, execute arbitrary code as the\nuser running Firefox. (CVE-2009-1169) A flaw was discovered in the way\nFirefox handles certain XUL garbage collection events. A remote\nattacker could use this flaw to crash Firefox or, potentially, execute\narbitrary code as the user running Firefox. (CVE-2009-1044)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e27367e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c2e4e00\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021836.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ead787e6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82fb14d4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0a8ab71\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021839.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8b93ce0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021840.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?527bdd4d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021841.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?317c4055\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021842.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39045ac3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021843.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?042bfeb9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b6b5508\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac5c0a7c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021846.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5be312ab\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021847.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c03fa684\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021848.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49be5a5b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021849.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d73b1b01\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021850.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef8d768d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021851.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?388377f6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021852.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?288b32e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution-rss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gecko-sharp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mugshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"Miro-2.0.3-2.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"blam-1.8.5-8.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"devhelp-0.22-6.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-2.24.3-4.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"epiphany-extensions-2.24.0-6.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"evolution-rss-0.1.2-6.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"firefox-3.0.8-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"galeon-2.0.7-8.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gecko-sharp2-0.13-6.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-python2-extras-2.19.1-28.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"gnome-web-photo-0.3-16.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"google-gadgets-0.10.5-4.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"kazehakase-0.5.6-1.fc10.5\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mozvoikko-0.9.5-8.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"mugshot-1.2.2-7.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"pcmanx-gtk2-0.3.8-7.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"ruby-gnome2-0.18.1-5.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"xulrunner-1.9.0.8-1.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"yelp-2.24.0-7.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / devhelp / epiphany / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nA memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169)\n\nA flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata.\n\nFirefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2009-0397.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36043", "published": "2009-03-30T00:00:00", "title": "RHEL 4 / 5 : firefox (RHSA-2009:0397)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0397. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36043);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_xref(name:\"RHSA\", value:\"2009:0397\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2009:0397)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA memory corruption flaw was discovered in the way Firefox handles XML\nfiles containing an XSLT transform. A remote attacker could use this\nflaw to crash Firefox or, potentially, execute arbitrary code as the\nuser running Firefox. (CVE-2009-1169)\n\nA flaw was discovered in the way Firefox handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash\nFirefox or, potentially, execute arbitrary code as the user running\nFirefox. (CVE-2009-1044)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories. You can find a link to the Mozilla advisories in\nthe References section of this errata.\n\nFirefox users should upgrade to these updated packages, which resolve\nthese issues. For Red Hat Enterprise Linux 4, they contain backported\npatches to the firefox package. For Red Hat Enterprise Linux 5, they\ncontain backported patches to the xulrunner packages. After installing\nthe update, Firefox must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1169\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7d74da4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0397\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0397\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.0.7-3.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.0.7-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.0.7-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xulrunner-devel-unstable-1.9.0.7-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xulrunner-devel-unstable-1.9.0.7-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xulrunner-devel-unstable-1.9.0.7-3.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:44", "bulletinFamily": "scanner", "description": "Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 (CVE-2009-1044, CVE-2009-1169).\n\nThis update provides the latest Mozilla Firefox 3.x to correct these issues.\n\nAdditionally, some packages requiring it have also been rebuilt and are being provided as updates.", "modified": "2018-11-15T00:00:00", "id": "MANDRIVA_MDVSA-2009-084.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37253", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2009:084)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:084. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37253);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_xref(name:\"MDVSA\", value:\"2009:084\");\n\n script_name(english:\"Mandriva Linux Security Advisory : firefox (MDVSA-2009:084)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security vulnerabilities have been discovered in previous versions,\nand corrected in the latest Mozilla Firefox 3.x, version 3.0.8\n(CVE-2009-1044, CVE-2009-1169).\n\nThis update provides the latest Mozilla Firefox 3.x to correct these\nissues.\n\nAdditionally, some packages requiring it have also been rebuilt and\nare being provided as updates.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/#firefox3.0.8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35ccd181\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-crawl-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-theme-kde4ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gksu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gluezilla0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-unstable-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgluezilla0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-unstable-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-foxmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:totem-mozilla-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"devhelp-0.19-3.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"devhelp-plugins-0.19-3.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"epiphany-2.22.3-0.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"epiphany-devel-2.22.3-0.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-af-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ar-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-be-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-bg-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-bn-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ca-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-cs-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-cy-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-da-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-de-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-el-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-en_GB-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-eo-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-es_AR-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-es_ES-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-et-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-eu-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-fi-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-fr-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-fy-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ga_IE-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-gl-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-gu_IN-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-he-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-hi-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-hu-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-id-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-is-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-it-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ja-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ka-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-kn-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ko-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ku-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-lt-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-lv-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-mk-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-mn-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-mr-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-nb_NO-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-nl-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-nn_NO-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-oc-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-pa_IN-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-pl-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-pt_BR-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-pt_PT-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ro-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-ru-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-si-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-sk-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-sl-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-sq-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-sr-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-sv_SE-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-te-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-th-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-tr-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-uk-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-zh_CN-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"firefox-zh_TW-3.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"galeon-2.0.7-0.4mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-extras-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gda-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gda-devel-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gdl-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gksu-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gtkhtml2-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gtkmozembed-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"gnome-python-gtkspell-2.19.1-10.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.19-3.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.19-3.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64gluezilla0-1.2.6.1-2.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64xulrunner-unstable-devel-1.9.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9-1.9.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.19-3.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.19-3.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libgluezilla0-1.2.6.1-2.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libxulrunner-unstable-devel-1.9.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libxulrunner1.9-1.9.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ext-blogrovr-1.1.779-2.8mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ext-foxmarks-2.0.47.4-2.8mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-firefox-ext-scribefire-2.2.7-2.8mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-2.22.0-4.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-common-2.22.0-4.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-gstreamer-2.22.0-4.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-mozilla-2.22.0-4.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"totem-mozilla-gstreamer-2.22.0-4.10mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xulrunner-1.9.0.8-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"yelp-2.22.1-0.4mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-crawl-system-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-doc-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-epiphany-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-evolution-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-qt-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-libs-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-0.21-3.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-plugins-0.21-3.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-2.24.0.1-3.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-devel-2.24.0.1-3.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-af-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ar-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-be-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bg-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bn-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ca-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cs-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cy-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-da-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-de-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-el-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-en_GB-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eo-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_AR-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_ES-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-et-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eu-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-beagle-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-mozvoikko-0.9.5-4.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fi-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fr-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fy-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ga_IE-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gl-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gu_IN-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-he-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hi-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hu-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-id-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-is-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-it-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ja-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ka-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-kn-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ko-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ku-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lt-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lv-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mk-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mn-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mr-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nb_NO-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nl-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nn_NO-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-oc-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pa_IN-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pl-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_BR-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_PT-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ro-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ru-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-si-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sk-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sl-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sq-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sr-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sv_SE-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-te-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-th-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-theme-kde4ff-0.14-4.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-tr-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-uk-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_CN-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_TW-3.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-extras-2.19.1-20.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-2.19.1-20.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-devel-2.19.1-20.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gdl-2.19.1-20.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkhtml2-2.19.1-20.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkmozembed-2.19.1-20.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkspell-2.19.1-20.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.21-3.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.21-3.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-unstable-devel-1.9.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9-1.9.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.21-3.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.21-3.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner-unstable-devel-1.9.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner1.9-1.9.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-firefox-ext-blogrovr-1.1.779-5.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-firefox-ext-foxmarks-2.1.0.12-2.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-firefox-ext-scribefire-2.3.1-2.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-beagle-0.3.8-13.9mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xulrunner-1.9.0.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"yelp-2.24.0-3.5mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:20", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2009:0398 :\n\nUpdated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "modified": "2018-08-13T00:00:00", "id": "ORACLELINUX_ELSA-2009-0398.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67834", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0398)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0398 and \n# Oracle Linux Security Advisory ELSA-2009-0398 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67834);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_xref(name:\"RHSA\", value:\"2009:0398\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0398)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0398 :\n\nUpdated SeaMonkey packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles\nXML files containing an XSLT transform. A remote attacker could use\nthis flaw to crash SeaMonkey or, potentially, execute arbitrary code\nas the user running SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash\nSeaMonkey or, potentially, execute arbitrary code as the user running\nSeaMonkey. (CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-March/000937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-March/000940.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.36.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.36.0.1.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-40.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-40.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-40.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-40.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-40.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-40.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2009-0398.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36044", "published": "2009-03-30T00:00:00", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0398)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0398. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36044);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_xref(name:\"RHSA\", value:\"2009:0398\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0398)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles\nXML files containing an XSLT transform. A remote attacker could use\nthis flaw to crash SeaMonkey or, potentially, execute arbitrary code\nas the user running SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash\nSeaMonkey or, potentially, execute arbitrary code as the user running\nSeaMonkey. (CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0398\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0398\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.32.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.32.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.36.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.36.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-40.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-40.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-40.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-40.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-40.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-40.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:04", "bulletinFamily": "scanner", "description": "The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues :\n\nMFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method\n_moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. This vulnerability was used by the reporter to win the 2009 CanSecWest Pwn2Own contest. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.\n\nMFSA 2009-12 / CVE-2009-1169:Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability.", "modified": "2014-06-13T00:00:00", "id": "SUSE_11_0_MOZILLAFIREFOX-090407.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39888", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-745.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39888);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:02 $\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)\");\n script_summary(english:\"Check for the MozillaFirefox-745 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes\nseveral security issues :\n\nMFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via\nTippingPoint's Zero Day Initiative that the XUL tree method\n_moveToEdgeShift was in some cases triggering garbage collection\nroutines on objects which were still in use. In such cases, the\nbrowser would crash when attempting to access a previously destroyed\nobject and this crash could be used by an attacker to run arbitrary\ncode on a victim's computer. This vulnerability was used by the\nreporter to win the 2009 CanSecWest Pwn2Own contest. This\nvulnerability does not affect Firefox 2, Thunderbird 2, or released\nversions of SeaMonkey.\n\nMFSA 2009-12 / CVE-2009-1169:Security researcher Guido Landi\ndiscovered that a XSL stylesheet could be used to crash the browser\nduring a XSL transformation. An attacker could potentially use this\ncrash to run arbitrary code on a victim's computer. This vulnerability\nwas also previously reported as a stability problem by Ubuntu\ncommunity member, Andre. Ubuntu community member Michael Rooney\nreported Andre's findings to Mozilla, and Mozilla community member\nMartin helped reduce Andre's original testcase and contributed a patch\nto fix the vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488955\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-3.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"MozillaFirefox-translations-3.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-1.9.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-devel-1.9.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mozilla-xulrunner190-translations-1.9.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.8-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.8-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2009-0398.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36039", "published": "2009-03-30T00:00:00", "title": "CentOS 3 : seamonkey (CESA-2009:0398)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0398 and \n# CentOS Errata and Security Advisory 2009:0398 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36039);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_xref(name:\"RHSA\", value:\"2009:0398\");\n\n script_name(english:\"CentOS 3 : seamonkey (CESA-2009:0398)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles\nXML files containing an XSLT transform. A remote attacker could use\nthis flaw to crash SeaMonkey or, potentially, execute arbitrary code\nas the user running SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash\nSeaMonkey or, potentially, execute arbitrary code as the user running\nSeaMonkey. (CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncorrect these issues. After installing the update, SeaMonkey must be\nrestarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-March/015706.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ec21dd6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-March/015707.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?834d83cd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-March/015708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bb8782f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-chat-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-devel-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-dom-inspector-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-js-debugger-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-mail-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-devel-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-1.0.9-0.36.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-devel-1.0.9-0.36.el3.centos3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:09", "bulletinFamily": "scanner", "description": "The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues :\n\nMFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method\n_moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. This vulnerability was used by the reporter to win the 2009 CanSecWest Pwn2Own contest. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.\n\nMFSA 2009-12 / CVE-2009-1169:Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability.", "modified": "2014-06-13T00:00:00", "id": "SUSE_11_1_MOZILLAFIREFOX-090407.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40171", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update MozillaFirefox-745.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40171);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:55:04 $\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)\");\n script_summary(english:\"Check for the MozillaFirefox-745 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes\nseveral security issues :\n\nMFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via\nTippingPoint's Zero Day Initiative that the XUL tree method\n_moveToEdgeShift was in some cases triggering garbage collection\nroutines on objects which were still in use. In such cases, the\nbrowser would crash when attempting to access a previously destroyed\nobject and this crash could be used by an attacker to run arbitrary\ncode on a victim's computer. This vulnerability was used by the\nreporter to win the 2009 CanSecWest Pwn2Own contest. This\nvulnerability does not affect Firefox 2, Thunderbird 2, or released\nversions of SeaMonkey.\n\nMFSA 2009-12 / CVE-2009-1169:Security researcher Guido Landi\ndiscovered that a XSL stylesheet could be used to crash the browser\nduring a XSL transformation. An attacker could potentially use this\ncrash to run arbitrary code on a victim's computer. This vulnerability\nwas also previously reported as a stability problem by Ubuntu\ncommunity member, Andre. Ubuntu community member Michael Rooney\nreported Andre's findings to Mozilla, and Mozilla community member\nMartin helped reduce Andre's original testcase and contributed a patch\nto fix the vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488955\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xpcom190\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-3.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-branding-upstream-3.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"MozillaFirefox-translations-3.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-1.9.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-devel-1.9.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-gnomevfs-1.9.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mozilla-xulrunner190-translations-1.9.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"python-xpcom190-1.9.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-32bit-1.9.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mozilla-xulrunner190-translations-32bit-1.9.0.8-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "The installed version of Firefox is earlier than 3.0.8. Such versions are potentially affected by the following security issues :\n\n - An XSL transformation vulnerability can be leveraged with a specially crafted stylesheet to crash the browser or to execute arbitrary code. (MFSA 2009-12)\n\n - An error in the XUL tree method '_moveToEdgeShift()' can be leveraged to trigger garbage collection routines on objects that are still in use, leading to a browser crash and possibly execution of arbitrary code. (MFSA 2009-13)", "modified": "2018-11-15T00:00:00", "id": "MOZILLA_FIREFOX_308.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36045", "published": "2009-03-30T00:00:00", "title": "Firefox < 3.0.8 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(36045);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_bugtraq_id(34181, 34235);\n\n script_name(english:\"Firefox < 3.0.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 3.0.8. Such versions\nare potentially affected by the following security issues :\n\n - An XSL transformation vulnerability can be leveraged \n with a specially crafted stylesheet to crash the browser\n or to execute arbitrary code. (MFSA 2009-12)\n\n - An error in the XUL tree method '_moveToEdgeShift()' can\n be leveraged to trigger garbage collection routines on\n objects that are still in use, leading to a browser\n crash and possibly execution of arbitrary code. \n (MFSA 2009-13)\" );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-12/\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-13/\"\n );\n # https://website-archive.mozilla.org:443/www.mozilla.org/firefox_releasenotes/en-US/firefox/3.0.8/releasenotes/\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?e8f5e612\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Firefox 3.0.8 or later. \"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/03/27\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n \n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.0.8', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:54", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nA memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169)\n\nA flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata.\n\nFirefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2009-0397.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43737", "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : firefox (CESA-2009:0397)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0397 and \n# CentOS Errata and Security Advisory 2009:0397 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43737);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2009-1044\", \"CVE-2009-1169\");\n script_xref(name:\"RHSA\", value:\"2009:0397\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2009:0397)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA memory corruption flaw was discovered in the way Firefox handles XML\nfiles containing an XSLT transform. A remote attacker could use this\nflaw to crash Firefox or, potentially, execute arbitrary code as the\nuser running Firefox. (CVE-2009-1169)\n\nA flaw was discovered in the way Firefox handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash\nFirefox or, potentially, execute arbitrary code as the user running\nFirefox. (CVE-2009-1044)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories. You can find a link to the Mozilla advisories in\nthe References section of this errata.\n\nFirefox users should upgrade to these updated packages, which resolve\nthese issues. For Red Hat Enterprise Linux 4, they contain backported\npatches to the firefox package. For Red Hat Enterprise Linux 5, they\ncontain backported patches to the xulrunner packages. After installing\nthe update, Firefox must be restarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015756.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?406e64f8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015757.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1b487e2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015820.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50882e36\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015821.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?882cfd5d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.0.7-3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.0.7-3.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.0.7-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.0.7-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-unstable-1.9.0.7-3.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "description": "SeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA memory corruption flaw was discovered in the way SeaMonkey handles XML\nfiles containing an XSLT transform. A remote attacker could use this flaw\nto crash SeaMonkey or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2009-1169)\n\nA flaw was discovered in the way SeaMonkey handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash SeaMonkey\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2009-1044)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.", "modified": "2019-03-22T23:42:58", "published": "2009-03-27T04:00:00", "id": "RHSA-2009:0398", "href": "https://access.redhat.com/errata/RHSA-2009:0398", "type": "redhat", "title": "(RHSA-2009:0398) Critical: seamonkey security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:08", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source Web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA memory corruption flaw was discovered in the way Firefox handles XML\nfiles containing an XSLT transform. A remote attacker could use this flaw\nto crash Firefox or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2009-1169)\n\nA flaw was discovered in the way Firefox handles certain XUL garbage\ncollection events. A remote attacker could use this flaw to crash Firefox\nor, potentially, execute arbitrary code as the user running Firefox.\n(CVE-2009-1044)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories. You can find a link to the Mozilla advisories in the References\nsection of this errata.\n\nFirefox users should upgrade to these updated packages, which resolve these\nissues. For Red Hat Enterprise Linux 4, they contain backported patches to\nthe firefox package. For Red Hat Enterprise Linux 5, they contain\nbackported patches to the xulrunner packages. After installing the update,\nFirefox must be restarted for the changes to take effect.", "modified": "2017-09-08T11:51:49", "published": "2009-03-27T04:00:00", "id": "RHSA-2009:0397", "href": "https://access.redhat.com/errata/RHSA-2009:0397", "type": "redhat", "title": "(RHSA-2009:0397) Critical: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:52:15", "bulletinFamily": "unix", "description": "The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes two critical security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-04-20T12:00:48", "published": "2009-04-20T12:00:48", "id": "SUSE-SA:2009:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html", "type": "suse", "title": "remote code execution in MozillaFirefox", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:30", "bulletinFamily": "unix", "description": "The Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22, backporting various security fixes from the Firefox 3.0.8 browser version.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-04-20T12:01:40", "published": "2009-04-20T12:01:40", "id": "SUSE-SA:2009:023", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html", "type": "suse", "title": "remote code execution in MozillaFirefox", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "unix", "description": "[1.0.9-40.0.1.el4]\n- Added mozilla-oracle-default-prefs.js, and mozilla-oracle-default-bookmarks.html\n and removed corresponding Redhat ones\n[1.0.9-40.el4]\n- Added fixes from 1.9.0.8 ", "modified": "2009-03-29T00:00:00", "published": "2009-03-29T00:00:00", "id": "ELSA-2009-0398", "href": "http://linux.oracle.com/errata/ELSA-2009-0398.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "unix", "description": "xulrunner:\n[1.9.0.7-3.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one\n[1.9.0.7-3]\n- Updated per 1.9.0.8\nfirefox:\n[3.0.7-3.0.1.el4]\n- Update firstrun and homepage URLS\n- Add oracle-firefox-branding.patch\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding RedHat ones\n[3.0.7-3.el4]\n- Updated per 1.9.0.8 ", "modified": "2009-03-29T00:00:00", "published": "2009-03-29T00:00:00", "id": "ELSA-2009-0397", "href": "http://linux.oracle.com/errata/ELSA-2009-0397.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:42", "bulletinFamily": "unix", "description": "It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044)\n\nA flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1169)", "modified": "2009-03-28T00:00:00", "published": "2009-03-28T00:00:00", "id": "USN-745-1", "href": "https://usn.ubuntu.com/745-1/", "title": "Firefox and Xulrunner vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:31", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1756-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nMarch 29, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-1169 CVE-2009-1044\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-1169\n\n Security researcher Guido Landi discovered that a XSL stylesheet could\n be used to crash the browser during a XSL transformation. An attacker\n could potentially use this crash to run arbitrary code on a victim's\n computer.\n\nCVE-2009-1044\n\n Security researcher Nils reported via TippingPoint's Zero Day Initiative\n that the XUL tree method _moveToEdgeShift was in some cases triggering\n garbage collection routines on objects which were still in use. In such\n cases, the browser would crash when attempting to access a previously\n destroyed object and this crash could be used by an attacker to run\n arbitrary code on a victim's computer.\n\nNote that after installing these updates, you will need to restart any\npackages using xulrunner, typically iceweasel or epiphany.\n\nFor the stable distribution (lenny), these problems have been fixed in version\n1.9.0.7-0lenny2.\n\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.8-1\n\nWe recommend that you upgrade your xulrunner package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc\n Size/MD5 checksum: 1777 be107e8cce28d09395d6c2b0e2880e0b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz\n Size/MD5 checksum: 43683292 f49b66c10e021debdfd9cd3705847d9b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz\n Size/MD5 checksum: 115665 4886b961a24c13d9017e8f261b7a4ad4\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb\n Size/MD5 checksum: 1480030 c12b4d6d534c0f12ec8e19760ca52a9b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 69048 cbcfc3f9addacdd2a6641980876910f1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 7725982 c5075bc0634cb5b2cfc8b64649f9511e\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 3587626 1ce3de601c764c9bfb0c3998566f2baa\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 887434 d373f8ed294bc6184a188bc820e04d6b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 220394 8ac87390e12115281d335b8773fb5733\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 152152 76761d21f53d017af1ff349e528664ea\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 372048 ba88e43241ab33621169f2e352bdf634\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 50084206 d44a3028e5049f2b8051a5f6ed632fe6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb\n Size/MD5 checksum: 100434 d20e7c595e15ca0831d62d13d19c9d25\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 814182 2fe30b4c614a8dad20d6daa5e8156193\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 83324 b2b5e1e0850ceb17bf60471435a751f8\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 6786494 017302b5a56bdd55d3d1ffe18bd61832\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 49032638 2343b97ac1a895a00c65d7c7d4854bf3\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 67078 5891e17e7a7abe4b9b3ff3b06d1c5bf8\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 348306 7cacc5c36e3139afa7e93cce23e55bdc\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 141074 ddfcdb101f24b626caede43f36667ebb\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 222552 099c35e0a9fc845e12d97e05dc5cefbe\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb\n Size/MD5 checksum: 3577622 a45883aa5a860e9ceaccd1507b1e2b4d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 106132 b21e7b60ef507b75d4e75cecf01507b4\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 409632 8ad83b2450a8224287708d08fb0e3349\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 222406 cc644de6ffb2987c4d3290760d851c3f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 50959494 30e6201361ab450cce9c1ae5767b7d00\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 900224 98b504ea16f93598810cff8dd753c7cc\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 3625060 bb06476c2dfef959c573a67f910f500a\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 71008 d61063712c37cfde51b3944f1dbd311f\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 157864 c9b9587d5b0582b35a1ccff76445f13f\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb\n Size/MD5 checksum: 9487824 ebcb840996d1d69d6836e6d1aec2f81d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 6581370 480961b3e126e36c1d4087df2c2fb6d9\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 141498 729642753ad2a51d17983b3583f740b6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 3572938 f0bf3224b2c681417ba6dd8dcac5f96d\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 846308 06e3b0690f2f3a868375f4d58a7b8614\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 348812 acc2f219abb68286432720315861ed53\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 82002 77b4ffe73322bf5ead4bc24ee3fc76d2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 222556 85fee1ce9133cb7ab9ce99f62b70e447\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 67810 0eb6b02984351fa3bf02640d7ff1d4e6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb\n Size/MD5 checksum: 49248242 64fb21f6c3a2411743222fc26e304b76\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 49419026 7cb040fbbef113cd5c8a1c5c443df6fd\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 179458 82249a7cb150fce22af5f5681d3164fe\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 11270206 be3c0b80f22210fa2a53236cbde9ceb9\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 538492 e75c766e0666c1604805f8c4c97cc256\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 75446 94f2c55150101f7a5811c9429364bd1b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 222198 62ba8960b8326d21523dc7c76cc1f9d8\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 808982 3038817adea449b7715164cad73a5f16\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 3391518 26decf00e4fb05e3dbfc61c9dd933f5b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb\n Size/MD5 checksum: 120932 e3af6d0b86f8d21a9fbb43986a5c79b3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 914808 749779b5620ceffb2845ac170699a866\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 221900 63c93f91cf4ee34e307bd06c5675c460\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 377372 1c527a4b63e3eb729124f54764261310\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 51596012 c6b8d6fed635039a75e553a59164b0de\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 7652050 4464324acfeaf2019722f4bddc980a64\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 144160 3217dab8582a83c2e8db5ed0a2894c9a\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 69328 7d17be8a925e42469ce3d46009eb0437\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 3607854 683f1204c14aa14f72927e2babf2afc2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb\n Size/MD5 checksum: 96506 95148e457d3a554935ae2771553378d8\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 896502 7293da4f42af7c5faadaff3d00e024ad\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 222202 8ab7c65e1b6e67481b885951bf7b06ee\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 96170 02b28ff5c4af5b3c5ab241e6ada57895\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 144424 34f4f9236099f217f309dd3404cd32fc\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 375064 c324513cb22e6bf942308fec5d6ffc44\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 3303026 c9f09e3ac15cea9522e16d7606832417\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 7359744 20955f26918492c6060f5196608cecca\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 68948 e564d5ad298fa7f2eb43c3d142421b23\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb\n Size/MD5 checksum: 49718170 f305c87d9f9f0a4bb25c782fbca0e553\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 51145940 d4450ede3188d085537b34912a130fc8\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 222214 a193661cfee9a9baf937e51fa8927852\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 7259520 7a5a2eb42cf43a3859c886f6604e7bb0\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 94176 0f27b080d4ef6e907e97926d9bde09d8\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 151634 eb3b55bb033dd21e3a395b5455fed3a3\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 72114 856bcc9a079008a00f502c037f7e075b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 3278706 141fbb356a9b0ee7ddee52b32b250021\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 359602 e678dd18f6fac0aad286a5d455e6d84f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb\n Size/MD5 checksum: 885062 6682354b8d0e8f25e6897bcfee801579\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 50926930 5066e277c6bb2f1435cd92ba4c09dc8f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 222190 c62253da00b92ab339f524ef6d525767\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 404064 4f0c71caf3242ca9f1878ac6df71b414\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 104972 ecefd67cf04623d0bd9deb66645ece52\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 155536 33869ff68336fde0594bb45661f85c03\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 3300930 9cf7bde0ab1e0c507566a88fd2a6562f\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 906248 a03086436351f5085905acd1d4084f40\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 8371150 b731e930186033123c928eeb52c186ba\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb\n Size/MD5 checksum: 71936 426ddd3166525fdf235448bddcba413b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 68258 8c14ad467b7a590f0262ad0636b7a90b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 87020 d7241f5f6ae1a92e9bfe819955c42b88\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 3571244 a50b84de8fe3f268e33882b5b325945d\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 817342 554bd07b8f90071d36ac57c01c24b6a9\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 220812 1edcd284a1520e8fdfdf68f015dd2211\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 7152698 d33c5b929d5d98a02f0ce021b5bb1531\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 346378 e617288c62da4165ed5230adbc9d7890\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 141340 606be0ab05095515bbb3070d7543e1ca\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb\n Size/MD5 checksum: 49112986 1c799dc5e9059379adadf2380bf5d0e2\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-03-29T18:03:08", "published": "2009-03-29T18:03:08", "id": "DEBIAN:DSA-1756-1:9438A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00066.html", "title": "[SECURITY] [DSA 1756-1] New xulrunner packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
