ID OPENVAS:1361412562310804045 Type openvas Reporter Copyright (C) 2013 Greenbone Networks GmbH Modified 2020-04-21T00:00:00
Description
SeaMonkey is installed on this host and is prone to multiple
vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_sea_monkey_mult_vuln01_dec13_win.nasl 33846 2013-12-23 18:34:28Z dec$
#
# SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)
#
# Authors:
# Thanga Prakash S <tprakash@secpod.com>
#
# Copyright:
# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE of the product under test; the check below passes it to
# get_app_version() to look up the detected SeaMonkey version.
CPE = "cpe:/a:mozilla:seamonkey";
# Metadata registration. When the scanner runs the script in description mode
# this block only declares identifiers, scoring and text tags and then leaves
# via exit(0), so no host check is performed from inside this block.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.804045");
script_version("2020-04-21T11:03:03+0000");
# Twelve CVEs and twelve Bugtraq IDs are tied to this single check. A finding
# therefore means "installed version is older than the fixed release", not
# that any individual CVE was verified on the host.
script_cve_id("CVE-2013-5609", "CVE-2013-5610", "CVE-2013-5612", "CVE-2013-5613",
"CVE-2013-5614", "CVE-2013-5615", "CVE-2013-5616", "CVE-2013-5618",
"CVE-2013-5619", "CVE-2013-6671", "CVE-2013-6672", "CVE-2013-6673");
script_bugtraq_id(64204, 64206, 64205, 64203, 64207, 64216,
64209, 64211, 64215, 64212, 64210, 64213);
# One CVSS v2 score/vector for the whole CVE list (network vector, low
# complexity, no authentication, complete C/I/A impact).
# NOTE(review): presumably the highest score among the listed CVEs - confirm
# per CVE before using it for prioritisation.
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)");
script_tag(name:"creation_date", value:"2013-12-23 18:34:28 +0530 (Mon, 23 Dec 2013)");
script_name("SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)");
script_tag(name:"summary", value:"This host is installed with SeaMonkey and is prone to multiple
vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
# Fixed release; must stay in step with the "2.23" literal used by the
# version comparison further down in this file.
script_tag(name:"solution", value:"Upgrade to SeaMonkey version 2.23 or later.");
# NOTE(review): the insight text is a placeholder; the technical detail lives
# only behind the xref URLs below, and only one Mozilla advisory
# (mfsa2013-104) is linked for a list of twelve CVEs.
script_tag(name:"insight", value:"For more details about the vulnerabilities, refer the reference section.");
script_tag(name:"affected", value:"SeaMonkey version before 2.23 on Windows");
script_tag(name:"impact", value:"Successful exploitation will allow attackers to conduct cross-site scripting
attacks, bypass certain security restrictions, disclose potentially sensitive
information, and compromise a user's system.");
# Quality-of-detection type "registry".
# NOTE(review): presumably the version comes from Windows registry data
# collected by the detection script; stale uninstall entries or installs that
# are not registered could then give a false positive or a miss - confirm
# against the actual binary when triaging.
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://secunia.com/advisories/56002");
script_xref(name:"URL", value:"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html");
# Declared as an information-gathering check; the code in this file only
# compares a version string and reports the result.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
script_family("General");
# Requires the "Seamonkey/Win/Ver" key before the check is run.
# NOTE(review): presumably that key is set by gb_seamonkey_detect_win.nasl,
# the declared dependency - verify in that script.
script_dependencies("gb_seamonkey_detect_win.nasl");
script_mandatory_keys("Seamonkey/Win/Ver");
script_xref(name:"URL", value:"http://www.mozilla.com/en-US/seamonkey");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
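# Look up the SeaMonkey version recorded for this host under the CPE.
# Without a version there is nothing to compare, so leave without a result.
# NOTE(review): presumably the value is the one stored by the detection
# script named in script_dependencies() - confirm in that script.
smVer = get_app_version(cpe:CPE);
if(!smVer){
  exit(0);
}

# Version-only check: anything older than the fixed release 2.23 is reported.
# The finding says the installed version predates the fix; it does not
# confirm that any of the listed CVEs is reachable on this host.
if(version_is_less(version:smVer, test_version:"2.23"))
{
  report = report_fixed_ver(installed_version:smVer, fixed_version:"2.23");
  security_message(port: 0, data: report);
  exit(0);
}

# Version is 2.23 or later: end with the explicit "not vulnerable" status
# instead of falling off the end of the script, so that a host that was
# checked and found fixed is distinguishable from one that was never checked.
exit(99);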
{"id": "OPENVAS:1361412562310804045", "type": "openvas", "bulletinFamily": "scanner", "title": "SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)", "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "published": "2013-12-23T00:00:00", "modified": "2020-04-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804045", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["http://www.mozilla.org/security/announce/2013/mfsa2013-104.html", "http://secunia.com/advisories/56002", "http://www.mozilla.com/en-US/seamonkey"], "cvelist": ["CVE-2013-5612", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-5618"], "lastseen": "2020-04-23T19:05:30", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310804042", "OPENVAS:841651", "OPENVAS:1361412562310804043", "OPENVAS:1361412562310850559", "OPENVAS:1361412562310804040", "OPENVAS:850559", "OPENVAS:1361412562310804039", "OPENVAS:1361412562310804041", "OPENVAS:1361412562310804046", "OPENVAS:1361412562310841651"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1919-1", "OPENSUSE-SU-2013:1871-1"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL", "OPENSUSE-2013-994.NASL", "SUSE_11_FIREFOX24-201312-131215.NASL", "FEDORA_2013-23519.NASL", "UBUNTU_USN-2052-1.NASL", "OPENSUSE-2013-995.NASL", "OPENSUSE-2014-2.NASL", "FEDORA_2013-23127.NASL", "SUSE_11_FIREFOX24-201312-131216.NASL", "OPENSUSE-2013-993.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13460"]}, {"type": "freebsd", "idList": ["DD116B19-64B3-11E3-868F-0025905A4771"]}, {"type": "ubuntu", "idList": ["USN-2053-1", "USN-2052-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1823", 
"ELSA-2013-1812"]}, {"type": "centos", "idList": ["CESA-2013:1812", "CESA-2013:1823"]}, {"type": "redhat", "idList": ["RHSA-2013:1823", "RHSA-2013:1812"]}, {"type": "cve", "idList": ["CVE-2013-5612", "CVE-2013-5619", "CVE-2013-6672", "CVE-2013-5609", "CVE-2013-5614", "CVE-2013-5610", "CVE-2013-5615", "CVE-2013-5613", "CVE-2013-6671", "CVE-2013-6673"]}, {"type": "mozilla", "idList": ["MFSA2013-114", "MFSA2013-113", "MFSA2013-106", "MFSA2013-115", "MFSA2013-110", "MFSA2013-109", "MFSA2013-111", "MFSA2013-104", "MFSA2013-107", "MFSA2013-112"]}, {"type": "seebug", "idList": ["SSV:61090", "SSV:61094", "SSV:61089", "SSV:61092", "SSV:61091"]}, {"type": "gentoo", "idList": ["GLSA-201504-01"]}], "modified": "2020-04-23T19:05:30", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2020-04-23T19:05:30", "rev": 2}, "vulnersScore": 8.6}, "pluginID": "1361412562310804045", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_dec13_win.nasl 33846 2013-12-23 18:34:28Z dec$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804045\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\",\n \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\",\n \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64205, 64203, 64207, 64216,\n 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 18:34:28 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Dec13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.23 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.23 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and 
compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.23\"))\n{\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"2.23\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "naslFamily": "General"}
{"openvas": [{"lastseen": "2020-04-23T19:05:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-5618"], "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804046", "type": "openvas", "title": "SeaMonkey Multiple Vulnerabilities-01 Dec13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_dec13_macosx.nasl 33846 2013-12-23 18:38:58Z dec$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Dec13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804046\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\",\n \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\",\n \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64205, 64203, 64207, 64216,\n 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 18:38:58 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Dec13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.23 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.23 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and 
compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.23\"))\n{\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"2.23\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-5618"], "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804040", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_dec13_macosx.nasl 33846 2013-12-23 16:51:47Z dec$\n#\n# Mozilla Firefox Multiple 
Vulnerabilities-01 Dec13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804040\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\",\n \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\",\n \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64214, 64205, 64203, 64207, 64216, 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 16:51:47 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to 
multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 26.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 26.0 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"26.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"26.0\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-5618"], "description": "This host is installed with Mozilla 
Firefox and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-12-24T00:00:00", "id": "OPENVAS:1361412562310804039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804039", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_dec13_win.nasl 33846 2013-12-24 12:51:53Z dec$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804039\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\",\n \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\",\n \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64206, 64214, 64205, 64203, 64207, 64216, 64209, 64211, 64215, 64212, 64210, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-24 12:51:53 +0530 (Tue, 24 Dec 2013)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Dec13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 26.0 or later.\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities, refer the reference section.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 26.0 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, 
disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"26.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"26.0\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-24T11:10:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "Check for the Version of firefox", "modified": "2018-01-24T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:841651", "href": "http://plugins.openvas.org/nasl.php?oid=841651", "type": "openvas", "title": "Ubuntu Update for firefox USN-2052-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2052_1.nasl 8509 2018-01-24 06:57:46Z teissa $\n#\n# Ubuntu Update for firefox USN-2052-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841651);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:05:51 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\",\n \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2013-5613\",\n \"CVE-2013-5615\", \"CVE-2013-6629\", \"CVE-2013-6630\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2052-1\");\n\n tag_insight = \"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler\nand Christoph Diehl discovered multiple memory safety issues in Firefox. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. 
(CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding\ninformation can inherit character encodings across navigations from\nanother domain. An attacker could potentially exploit this to conduct\ncross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this\nis issue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting\nan ordered list in to a document using script. An attacker could\npotentially exploit this to execute arbitrary code with the privileges\nof the user invoking Firefox. 
(CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data\nunder certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates\nwere ignored under certain circumstances, removing the ability for a user\nto manually untrust certificates from specific authorities.\n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"firefox on Ubuntu 13.10 ,\n Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2052-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2052-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.10.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.10.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.04.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310841651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841651", "type": "openvas", "title": "Ubuntu Update for firefox USN-2052-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2052_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for firefox USN-2052-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841651\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:05:51 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\",\n \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2013-5613\",\n \"CVE-2013-5615\", \"CVE-2013-6629\", \"CVE-2013-6630\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2052-1\");\n\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 13.10,\n Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler\nand Christoph Diehl discovered multiple memory safety issues in Firefox. 
If\na user were tricked into opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding\ninformation can inherit character encodings across navigations from\nanother domain. An attacker could potentially exploit this to conduct\ncross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in SpiderMonkey\nused arithmetic prone to overflow in several places. However, this\nissue is not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting\nan ordered list into a document using script. An attacker could\npotentially exploit this to execute arbitrary code with the privileges\nof the user invoking Firefox. 
(CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data\nunder certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates\nwere ignored under certain circumstances, removing the ability for a user\nto manually untrust certificates from specific authorities.\n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash, ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2052-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2052-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.10|12\\.04 LTS|13\\.10|13\\.04)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.10.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 
LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.10.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"26.0+build2-0ubuntu0.13.04.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:40:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310850559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850559", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2013:1871-1)", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850559\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:03:27 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5613\", \"CVE-2013-5615\",\n \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-6629\", \"CVE-2013-6630\",\n \"CVE-2013-6671\", \"CVE-2013-6673\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5619\", \"CVE-2013-6672\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2013:1871-1)\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"This patch contains\n\n * mozilla-nss 3.15.3.1 which includes a certstore update\n (1.95) to explicitly revoke AC DG Tresor SSL\n intermediate CA which was misused.\n\n * Firefox 24.2esr\n\n * Thunderbird 24.2\n\n * Seamonkey 2.23\n\n These updates fix several security issues:\n\n * CVE-2013-5611 Mozilla: Application Installation\n doorhanger persists on navigation (MFSA 2013-105)\n\n * CVE-2013-5609 Mozilla: Miscellaneous memory safety\n hazards (rv:24.2) (MFSA 2013-104)\n\n * CVE-2013-5610 Mozilla: Miscellaneous memory safety\n hazards (rv:26.0) (MFSA 2013-104)\n\n * CVE-2013-5612 Mozilla: Character encoding cross-origin\n XSS attack 
(MFSA 2013-106)\n\n * CVE-2013-5614 Mozilla: Sandbox restrictions not applied\n to nested object elements (MFSA 2013-107)\n\n * CVE-2013-5616 Mozilla: Use-after-free in event listeners\n (MFSA 2013-108)\n\n * CVE-2013-5619 Mozilla: Potential overflow in JavaScript\n binary search algorithms (MFSA 2013-110)\n\n * CVE-2013-6671 Mozilla: Segmentation violation when\n replacing ordered list elements (MFSA 2013-111)\n\n * CVE-2013-6673 Mozilla: Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n\n * CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse\n movement (MFSA 2013-114)\n\n * CVE-2013-5615 Mozilla: GetElementIC typed array stubs can\n be generated outside observed typesets (MFSA 2013-115)\n\n * CVE-2013-6672 Mozilla: Linux clipboard information\n disclosure though selection paste (MFSA 2013-112)\n\n * CVE-2013-5618 Mozilla: Use-after-free during Table\n Editing (MFSA 2013-109)\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:1871-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n 
if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~24.2.0~95.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.6.0+24.2.0~81.2\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.23~85.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", 
rpm:\"libfreebl3-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-x86\", rpm:\"libfreebl3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-x86\", rpm:\"libsoftokn3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-x86\", rpm:\"mozilla-nss-certs-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-x86\", rpm:\"mozilla-nss-certs-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-x86\", rpm:\"mozilla-nss-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-x86\", rpm:\"mozilla-nss-sysinit-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-x86\", rpm:\"mozilla-nss-sysinit-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:15:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "Check for the Version of Mozilla", "modified": "2017-12-08T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:850559", "href": "http://plugins.openvas.org/nasl.php?oid=850559", "type": "openvas", "title": "SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_1871_1.nasl 8045 2017-12-08 08:39:37Z santu $\n#\n# SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850559);\n script_version(\"$Revision: 8045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:39:37 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:03:27 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5613\", \"CVE-2013-5615\",\n \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-6629\", \"CVE-2013-6630\",\n \"CVE-2013-6671\", \"CVE-2013-6673\", \"CVE-2013-5611\", \"CVE-2013-5612\",\n \"CVE-2013-5614\", \"CVE-2013-5619\", \"CVE-2013-6672\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for Mozilla openSUSE-SU-2013:1871-1 (Mozilla)\");\n\n tag_insight = \"\n This patch 
contains\n * mozilla-nss 3.15.3.1 which includes a certstore update\n (1.95) to explicitly revoke AC DG Tresor SSL\n intermediate CA which was misused.\n * Firefox 24.2esr\n * Thunderbird 24.2\n * Seamonkey 2.23\n\n These updates fix several security issues:\n\n * CVE-2013-5611 Mozilla: Application Installation\n doorhanger persists on navigation (MFSA 2013-105)\n * CVE-2013-5609 Mozilla: Miscellaneous memory safety\n hazards (rv:24.2) (MFSA 2013-104)\n * CVE-2013-5610 Mozilla: Miscellaneous memory safety\n hazards (rv:26.0) (MFSA 2013-104)\n * CVE-2013-5612 Mozilla: Character encoding cross-origin\n XSS attack (MFSA 2013-106)\n * CVE-2013-5614 Mozilla: Sandbox restrictions not applied\n to nested object elements (MFSA 2013-107)\n * CVE-2013-5616 Mozilla: Use-after-free in event listeners\n (MFSA 2013-108)\n * CVE-2013-5619 Mozilla: Potential overflow in JavaScript\n binary search algorithms (MFSA 2013-110)\n * CVE-2013-6671 Mozilla: Segmentation violation when\n replacing ordered list elements (MFSA 2013-111)\n * CVE-2013-6673 Mozilla: Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n * CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse\n movement (MFSA 2013-114)\n * CVE-2013-5615 Mozilla: GetElementIC typed array stubs can\n be generated outside observed typesets (MFSA 2013-115)\n * CVE-2013-6672 Mozilla: Linux clipboard information\n disclosure though selection paste (MFSA 2013-112)\n * CVE-2013-5618 Mozilla: Use-after-free during Table\n Editing (MFSA 2013-109)\";\n\n tag_affected = \"Mozilla on openSUSE 11.4\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: 
\"2013:1871_1\");\n script_summary(\"Check for the Version of Mozilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~24.2.0~95.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~24.2.0~95.2\", rls:\"openSUSE11.4\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.6.0+24.2.0~81.2\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", 
rpm:\"libsoftokn3~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", 
rpm:\"mozilla-nss-tools-debuginfo~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-venkman\", rpm:\"seamonkey-venkman~2.23~85.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.15.3.1~74.1\", 
rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-x86\", rpm:\"libfreebl3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-x86\", rpm:\"libsoftokn3-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-x86\", rpm:\"mozilla-nss-certs-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-x86\", rpm:\"mozilla-nss-certs-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-x86\", rpm:\"mozilla-nss-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-x86\", rpm:\"mozilla-nss-sysinit-debuginfo-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-x86\", rpm:\"mozilla-nss-sysinit-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.15.3.1~74.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-19T22:15:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5615", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-5618"], "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804041", "type": "openvas", "title": "Mozilla Firefox ESR Multiple 
Vulnerabilities-01 Dec13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_dec13_win.nasl 33846 2013-12-23 17:01:32Z dec$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 Dec13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804041\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5613\", \"CVE-2013-5615\", \"CVE-2013-5616\",\n \"CVE-2013-5618\", \"CVE-2013-6671\", \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64203, 64216, 64209, 64211, 64212, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 17:09:32 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 Dec13 
(Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 24.2 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove\n function.\n\n - JavaScript implementation does not properly enforce certain\n typeset restrictions on the generation of GetElementIC typed array stubs.\n\n - Use-after-free vulnerability in the nsEventListenerManager::HandleEvent\n SubType function\n\n - unspecified error in nsGfxScrollFrameInner::IsLTR function.\n\n - Flaw is due to the program ignoring the setting to remove the trust for\n extended validation (EV) capable root certificates.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 24.x before 24.2 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ 
\"^24\\.\" && version_in_range(version:ffVer,\n test_version:\"24.0\",\n test_version2:\"24.1\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5615", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-5618"], "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804043", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 Dec13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_dec13_win.nasl 33846 2013-12-23 17:28:34Z dec$\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Dec13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804043\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5613\", \"CVE-2013-5615\", \"CVE-2013-5616\",\n \"CVE-2013-5618\", \"CVE-2013-6671\", \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64203, 64216, 64209, 64211, 64212, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 17:30:34 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Dec13 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 24.2 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove\n function.\n\n - JavaScript implementation does not properly enforce certain\n typeset restrictions on the generation of GetElementIC typed array stubs.\n\n - Use-after-free vulnerability in the nsEventListenerManager::HandleEvent\n SubType function\n\n - unspecified error in nsGfxScrollFrameInner::IsLTR function.\n\n - Flaw is due to the program ignoring the setting to 
remove the trust for\n extended validation (EV) capable root certificates.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 24.2 on Windows\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"24.2\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"24.2\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:06:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5615", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-5618"], "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310804044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804044", "type": "openvas", "title": "Mozilla Thunderbird Multiple 
Vulnerabilities-01 Dec13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_dec13_macosx.nasl 33846 2013-12-23 18:21:56Z dec$\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Dec13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804044\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5613\", \"CVE-2013-5615\", \"CVE-2013-5616\",\n \"CVE-2013-5618\", \"CVE-2013-6671\", \"CVE-2013-6673\");\n script_bugtraq_id(64204, 64203, 64216, 64209, 64211, 64212, 64213);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 18:21:56 +0530 (Mon, 23 Dec 2013)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Dec13 
(Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 24.2 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove\n function.\n\n - JavaScript implementation does not properly enforce certain\n typeset restrictions on the generation of GetElementIC typed array stubs.\n\n - Use-after-free vulnerability in the nsEventListenerManager::HandleEvent\n SubType function\n\n - unspecified error in nsGfxScrollFrameInner::IsLTR function.\n\n - Flaw is due to the program ignoring the setting to remove the trust for\n extended validation (EV) capable root certificates.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 24.2 on Mac OS X\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, disclose potentially sensitive\ninformation, and compromise a user's system.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56002\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-104.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n 
exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"24.2\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"24.2\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-5618"], "description": "MozillaFirefox has been updated to the 24.2.0 ESR security\n release.\n\n This is a major upgrade from the 17 ESR release branch.\n\n Security issues fixed:\n\n * CVE-2013-5611 Application Installation doorhanger\n persists on navigation (MFSA 2013-105)\n * CVE-2013-5609 Miscellaneous memory safety hazards\n (rv:24.2) (MFSA 2013-104)\n * CVE-2013-5610 Miscellaneous memory safety hazards\n (rv:26.0) (MFSA 2013-104)\n * CVE-2013-5612 Character encoding cross-origin XSS\n attack (MFSA 2013-106)\n * CVE-2013-5614 Sandbox restrictions not applied to\n nested object elements (MFSA 2013-107)\n * CVE-2013-5616 Use-after-free in event listeners (MFSA\n 2013-108)\n * CVE-2013-5619 Potential overflow in JavaScript binary\n search algorithms (MFSA 2013-110)\n * CVE-2013-6671 Segmentation violation when replacing\n ordered list elements (MFSA 2013-111)\n * CVE-2013-6673 Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n * CVE-2013-5613 Use-after-free in synthetic mouse\n movement (MFSA 2013-114)\n * CVE-2013-5615 GetElementIC typed array stubs can be\n generated outside observed typesets (MFSA 2013-115)\n * CVE-2013-6672 Linux clipboard information disclosure\n though selection paste (MFSA 2013-112)\n * CVE-2013-5618 
Use-after-free during Table Editing\n (MFSA 2013-109)\n", "edition": 1, "modified": "2013-12-19T18:04:13", "published": "2013-12-19T18:04:13", "id": "SUSE-SU-2013:1919-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "This patch contains\n * mozilla-nss 3.15.3.1 which includes a certstore update\n (1.95) to explicitly revoke AC DG Tresor SSL\n intermediate CA which was misused.\n * Firefox 24.2esr\n * Thunderbird 24.2\n * Seamonkey 2.23\n\n These updates fix several security issues:\n\n * CVE-2013-5611 Mozilla: Application Installation\n doorhanger persists on navigation (MFSA 2013-105)\n * CVE-2013-5609 Mozilla: Miscellaneous memory safety\n hazards (rv:24.2) (MFSA 2013-104)\n * CVE-2013-5610 Mozilla: Miscellaneous memory safety\n hazards (rv:26.0) (MFSA 2013-104)\n * CVE-2013-5612 Mozilla: Character encoding cross-origin\n XSS attack (MFSA 2013-106)\n * CVE-2013-5614 Mozilla: Sandbox restrictions not applied\n to nested object elements (MFSA 2013-107)\n * CVE-2013-5616 Mozilla: Use-after-free in event listeners\n (MFSA 2013-108)\n * CVE-2013-5619 Mozilla: Potential overflow in JavaScript\n binary search algorithms (MFSA 2013-110)\n * CVE-2013-6671 Mozilla: Segmentation violation when\n replacing ordered list elements (MFSA 2013-111)\n * CVE-2013-6673 Mozilla: Trust settings for built-in roots\n ignored during EV certificate validation (MFSA 2013-113)\n * CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse\n 
movement (MFSA 2013-114)\n * CVE-2013-5615 Mozilla: GetElementIC typed array stubs can\n be generated outside observed typesets (MFSA 2013-115)\n * CVE-2013-6672 Mozilla: Linux clipboard information\n disclosure through selection paste (MFSA 2013-112)\n * CVE-2013-5618 Mozilla: Use-after-free during Table\n Editing (MFSA 2013-109)\n\n", "edition": 1, "modified": "2013-12-13T15:04:36", "published": "2013-12-13T15:04:36", "id": "OPENSUSE-SU-2013:1871-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00004.html", "type": "suse", "title": "Mozilla updates 2013/12 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-06-05T12:28:58", "description": "Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). (CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). (CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). 
(CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). (CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)", "edition": 16, "published": "2013-12-20T00:00:00", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-5618"], "modified": "2013-12-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit", "p-cpe:/a:novell:suse_linux:11:libsoftokn3", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-nss", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:11:libfreebl3", "p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit"], "id": "SUSE_11_FIREFOX24-201312-131216.NASL", "href": "https://www.tenable.com/plugins/nessus/71560", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71560);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). (CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). 
(CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). (CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). (CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-107.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-111.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-112.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-115.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5610.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5611.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5612.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5613.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5614.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5615.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5616.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5618.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5619.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6671.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6673.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8657.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) 
audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.15.3.1-0.7.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T12:28:58", "description": "Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). 
(CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). (CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). (CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). 
(CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)", "edition": 16, "published": "2013-12-20T00:00:00", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-5618"], "modified": "2013-12-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:11:libsoftokn3", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-nss", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:11:libfreebl3"], "id": "SUSE_11_FIREFOX24-201312-131215.NASL", "href": "https://www.tenable.com/plugins/nessus/71559", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71559);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox has been updated to the 24.2.0 ESR security release.\n\nThis is a major upgrade from the 17 ESR release branch.\n\nSecurity issues fixed :\n\n - Application Installation doorhanger persists on\n navigation. (MFSA 2013-105). (CVE-2013-5611)\n\n - Miscellaneous memory safety hazards (rv:24.2). (MFSA\n 2013-104). (CVE-2013-5609)\n\n - Miscellaneous memory safety hazards (rv:26.0). (MFSA\n 2013-104). (CVE-2013-5610)\n\n - Character encoding cross-origin XSS attack. (MFSA\n 2013-106). (CVE-2013-5612)\n\n - Sandbox restrictions not applied to nested object\n elements. (MFSA 2013-107). (CVE-2013-5614)\n\n - Use-after-free in event listeners. (MFSA 2013-108).\n (CVE-2013-5616)\n\n - Potential overflow in JavaScript binary search\n algorithms. (MFSA 2013-110). (CVE-2013-5619)\n\n - Segmentation violation when replacing ordered list\n elements. (MFSA 2013-111). (CVE-2013-6671)\n\n - Trust settings for built-in roots ignored during EV\n certificate validation. (MFSA 2013-113). (CVE-2013-6673)\n\n - Use-after-free in synthetic mouse movement. (MFSA\n 2013-114). 
(CVE-2013-5613)\n\n - GetElementIC typed array stubs can be generated outside\n observed typesets. (MFSA 2013-115). (CVE-2013-5615)\n\n - Linux clipboard information disclosure though selection\n paste. (MFSA 2013-112). (CVE-2013-6672)\n\n - Use-after-free during Table Editing (MFSA 2013-109).\n (CVE-2013-5618)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-107.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-111.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-112.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-115.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5610.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5611.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5612.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5613.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5614.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5615.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5616.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5618.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5619.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6671.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6673.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8657.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-24-0.7.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-24.2.0esr-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libfreebl3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libsoftokn3-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-3.15.3.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-tools-3.15.3.1-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:16", "description": "This update fixes the following security issues with SeaMonkey :\n\n - update to SeaMonkey 2.23 (bnc#854370))\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 
2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - rebased patches :\n\n - mozilla-nongnome-proxies.patch\n\n - mozilla-shared-nss-db.patch", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", 
"p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2014-2.NASL", "href": "https://www.tenable.com/plugins/nessus/75327", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-2.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75327);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)\");\n script_summary(english:\"Check for the openSUSE-2014-2 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues with SeaMonkey :\n\n - update to SeaMonkey 2.23 (bnc#854370))\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 
2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - rebased patches :\n\n - mozilla-nongnome-proxies.patch\n\n - mozilla-shared-nss-db.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.23-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-debuginfo-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"seamonkey-debugsource-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-dom-inspector-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-irc-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-translations-common-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-translations-other-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-venkman-2.23-1.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debuginfo-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debugsource-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-dom-inspector-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-irc-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-common-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-other-2.23-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-venkman-2.23-4.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:37", "description": "New upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-18T00:00:00", "title": "Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2013-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:thunderbird"], "id": "FEDORA_2013-23519.NASL", "href": "https://www.tenable.com/plugins/nessus/71505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23519.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71505);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_xref(name:\"FEDORA\", value:\"2013-23519\");\n\n script_name(english:\"Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124255.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4eabafc3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124256.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e57c332\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?776a9916\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox, thunderbird and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"firefox-26.0-3.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"thunderbird-24.2.0-3.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"xulrunner-26.0-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / thunderbird / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:40:17", "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application 
crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this\nissue is not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list into a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. 
(CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2013-12-12T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2052-1.NASL", "href": "https://www.tenable.com/plugins/nessus/71374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2052-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71374);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"USN\", value:\"2052-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and\nChristoph Diehl discovered multiple memory safety issues in Firefox.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app\ninstallation could persist between page navigations. An attacker could\npotentially exploit this to conduct clickjacking attacks.\n(CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set\nencoding information can inherit character encodings across\nnavigations from another domain. An attacker could potentially exploit\nthis to conduct cross-site scripting attacks. 
(CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object\nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nevent listeners. An attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey\nused arithmetic prone to overflow in several places. However, this is\nissue not believed to be exploitable. (CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when\ninserting an ordered list in to a document using script. An attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard\ndata under certain circumstances, resulting in information disclosure.\n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root\ncertificates were ignored under certain circumstances, removing the\nability for a user to manually untrust certificates from specific\nauthorities. (CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a\nuse-after-free in functions for synthetic mouse movement handling. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be\ngenerated outside observed typesets. 
An attacker could possibly\nexploit this to cause undefined behaviour with a potential security\nimpact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An\nattacker could potentially exploit these to obtain sensitive\ninformation. (CVE-2013-6629, CVE-2013-6630).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2052-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.04.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"26.0+build2-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:50:43", "description": "The Mozilla 
Project reports :\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-105 Application Installation doorhanger persists on\nnavigation\n\nMFSA 2013-106 Character encoding cross-origin XSS attack\n\nMFSA 2013-107 Sandbox restrictions not applied to nested object\nelements\n\nMFSA 2013-108 Use-after-free in event listeners\n\nMFSA 2013-109 Use-after-free during Table Editing\n\nMFSA 2013-110 Potential overflow in JavaScript binary search\nalgorithms\n\nMFSA 2013-111 Segmentation violation when replacing ordered list\nelements\n\nMFSA 2013-112 Linux clipboard information disclosure though selection\npaste\n\nMFSA 2013-113 Trust settings for built-in roots ignored during EV\ncertificate validation\n\nMFSA 2013-114 Use-after-free in synthetic mouse movement\n\nMFSA 2013-115 GetElementIC typed array stubs can be generated outside\nobserved typesets\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-117 Mis-issued ANSSI/DCSSI certificate", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-12-16T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2013-12-16T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird"], "id": "FREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL", "href": "https://www.tenable.com/plugins/nessus/71452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# 
The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71452);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Mozilla Project reports :\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-105 Application Installation doorhanger persists on\nnavigation\n\nMFSA 2013-106 Character encoding cross-origin XSS attack\n\nMFSA 2013-107 Sandbox restrictions not applied to nested object\nelements\n\nMFSA 2013-108 Use-after-free in event listeners\n\nMFSA 2013-109 Use-after-free during Table Editing\n\nMFSA 2013-110 Potential overflow in JavaScript binary search\nalgorithms\n\nMFSA 2013-111 Segmentation violation when replacing ordered 
list\nelements\n\nMFSA 2013-112 Linux clipboard information disclosure though selection\npaste\n\nMFSA 2013-113 Trust settings for built-in roots ignored during EV\ncertificate validation\n\nMFSA 2013-114 Use-after-free in synthetic mouse movement\n\nMFSA 2013-115 GetElementIC typed array stubs can be generated outside\nobserved typesets\n\nMFSA 2013-116 JPEG information leak\n\nMFSA 2013-117 Mis-issued ANSSI/DCSSI certificate\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-104.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-104/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-105/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-106/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-107/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-108/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-109/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-110.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-110/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-111.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-111/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-112.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-112/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-113.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-113/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-114.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-114/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-115/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116/\"\n );\n # https://www.mozilla.org/security/announce/2013/mfsa2013-117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-117/\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n # https://vuxml.freebsd.org/freebsd/dd116b19-64b3-11e3-868f-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d1f23a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>25.0,1<26.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<24.2.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<26.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<24.2.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<24.2.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:33", "description": "Update to Firefox 26.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-12T00:00:00", "title": "Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2013-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-23127.NASL", "href": "https://www.tenable.com/plugins/nessus/71365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23127.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71365);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n script_bugtraq_id(63676, 63679, 64203, 64204, 64205, 64206, 64207, 64209, 64210, 64211, 64212, 64213, 64214, 64215, 64216);\n script_xref(name:\"FEDORA\", value:\"2013-23127\");\n\n script_name(english:\"Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing 
one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Firefox 26.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123436.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60424139\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dcdf3aa2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"firefox-26.0-2.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"xulrunner-26.0-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:14", "description": " - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 
(bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", 
"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-993.NASL", "href": "https://www.tenable.com/plugins/nessus/75239", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-993.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75239);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1)\");\n script_summary(english:\"Check for the openSUSE-2013-993 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 
2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-26.0-2.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-26.0-2.67.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:14", "description": " - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "OPENSUSE-2013-994.NASL", "href": "https://www.tenable.com/plugins/nessus/75240", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-994.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75240);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1)\");\n script_summary(english:\"Check for the openSUSE-2013-994 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\" - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-branding-upstream-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-buildsymbols-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-debuginfo-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-debugsource-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-devel-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-translations-common-26.0-1.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-translations-other-26.0-1.43.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:14", "description": " - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2013-995.NASL", "href": "https://www.tenable.com/plugins/nessus/75241", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-995.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75241);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5611\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1)\");\n script_summary(english:\"Check for the openSUSE-2013-995 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\" - update to Firefox 26.0 (bnc#854367, bnc#854370)\n\n - rebased patches\n\n - requires NSPR 4.10.2 and NSS 3.15.3.1\n\n - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous\n memory safety hazards\n\n - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application\n Installation doorhanger persists on navigation\n\n - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character\n encoding cross-origin XSS attack\n\n - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox\n restrictions not applied to nested object elements\n\n - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free\n in event listeners\n\n - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free\n during Table Editing\n\n - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential\n overflow in JavaScript binary search algorithms\n\n - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation\n violation when replacing ordered list elements\n\n - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard\n information disclosure though selection paste\n\n - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings\n for built-in roots ignored during EV certificate\n validation\n\n - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)\n Use-after-free in synthetic mouse movement\n\n - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC\n typed array stubs can be generated outside observed\n typesets\n\n - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)\n JPEG information leak\n\n - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI\n certificate (fixed via NSS 3.15.3.1)\n\n - removed gecko.js preference file as GStreamer is enabled\n by default now\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-26.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-26.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-26.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-26.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-26.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-26.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-26.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-26.0-4.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:31", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2013-116 JPEG information leak\nMFSA 2013-105 Application Installation doorhanger persists on\n\t navigation\nMFSA 2013-106 Character encoding cross-origin XSS attack\nMFSA 2013-107 Sandbox restrictions not applied to nested object\n\t elements\nMFSA 2013-108 Use-after-free in event listeners\nMFSA 2013-109 Use-after-free during Table Editing\nMFSA 2013-110 Potential overflow in JavaScript binary search\n\t algorithms\nMFSA 2013-111 Segmentation violation when replacing ordered list\n\t elements\nMFSA 2013-112 Linux clipboard information disclosure though\n\t selection paste\nMFSA 2013-113 Trust settings for built-in roots ignored during EV\n\t certificate validation\nMFSA 2013-114 Use-after-free in synthetic mouse movement\nMFSA 2013-115 GetElementIC typed array stubs can be generated\n\t outside observed typesets\nMFSA 2013-116 JPEG information leak\nMFSA 2013-117 Mis-issued ANSSI/DCSSI certificate\n\n", "edition": 4, "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "DD116B19-64B3-11E3-868F-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/dd116b19-64b3-11e3-868f-0025905a4771.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:34", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", 
"CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph \nDiehl discovered multiple memory safety issues in Firefox. If a user were \ntricked into opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2013-5609, CVE-2013-5610)\n\nMyk Melez discovered that the doorhanger notification for web app \ninstallation could persist between page navigations. An attacker could \npotentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)\n\nMasato Kinugawa discovered that pages with missing character set encoding \ninformation can inherit character encodings across navigations from \nanother domain. An attacker could potentially exploit this to conduct \ncross-site scripting attacks. (CVE-2013-5612)\n\nDaniel Veditz discovered that a sandboxed iframe could use an object \nelement to bypass its own restrictions. (CVE-2013-5614)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in \nevent listeners. An attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2013-5618)\n\nDan Gohman discovered that binary search algorithms in Spidermonkey \nused arithmetic prone to overflow in several places. However, this \nissue is not believed to be exploitable. 
(CVE-2013-5619)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting \nan ordered list into a document using script. An attacker could \npotentially exploit this to execute arbitrary code with the privileges \nof the user invoking Firefox. (CVE-2013-6671)\n\nVincent Lefevre discovered that web content could access clipboard data \nunder certain circumstances, resulting in information disclosure. \n(CVE-2013-6672)\n\nSijie Xia discovered that trust settings for built-in EV root certificates \nwere ignored under certain circumstances, removing the ability for a user \nto manually untrust certificates from specific authorities. \n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a \nuse-after-free in functions for synthetic mouse movement handling. An \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated \noutside observed typesets. An attacker could possibly exploit this to \ncause undefined behaviour with a potential security impact. \n(CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An \nattacker could potentially exploit these to obtain sensitive information. 
\n(CVE-2013-6629, CVE-2013-6630)", "edition": 5, "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "USN-2052-1", "href": "https://ubuntu.com/security/notices/USN-2052-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5615", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6629", "CVE-2013-5618"], "description": "Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered \nmultiple memory safety issues in Thunderbird. If a user were tricked in to \nopening a specially crafted message with scripting enabled, an attacker \ncould potentially exploit these to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Thunderbird. (CVE-2013-5609)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in \nevent listeners. If a user had enabled scripting, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nThunderbird. (CVE-2013-5616)\n\nA use-after-free was discovered in the table editing interface. An \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Thunderbird. (CVE-2013-5618)\n\nTyson Smith and Jesse Schwartzentruber discovered a crash when inserting \nan ordered list in to a document using script. If a user had enabled \nscripting, an attacker could potentially exploit this to execute \narbitrary code with the privileges of the user invoking Thunderbird. 
\n(CVE-2013-6671)\n\nSijie Xia discovered that trust settings for built-in EV root certificates \nwere ignored under certain circumstances, removing the ability for a user \nto manually untrust certificates from specific authorities. \n(CVE-2013-6673)\n\nTyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a \nuse-after-free in functions for synthetic mouse movement handling. If a \nuser had enabled scripting, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Thunderbird. (CVE-2013-5613)\n\nEric Faust discovered that GetElementIC typed array stubs can be generated \noutside observed typesets. If a user had enabled scripting, an attacker \ncould possibly exploit this to cause undefined behaviour with a potential \nsecurity impact. (CVE-2013-5615)\n\nMichal Zalewski discovered several issues with JPEG image handling. An \nattacker could potentially exploit these to obtain sensitive information. 
\n(CVE-2013-6629, CVE-2013-6630)", "edition": 5, "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "USN-2053-1", "href": "https://ubuntu.com/security/notices/USN-2053-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-5612", "CVE-2013-5611", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-5619", "CVE-2013-5615", "CVE-2013-5610", "CVE-2013-6671", "CVE-2013-6630", "CVE-2013-6673", "CVE-2013-6672", "CVE-2013-5614", "CVE-2013-6629", "CVE-2013-5618"], "description": "Multiple memory corruptions, XSS, information leakage, certificate check bypass.", "edition": 1, "modified": "2013-12-23T00:00:00", "published": "2013-12-23T00:00:00", "id": "SECURITYVULNS:VULN:13460", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13460", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-6671", "CVE-2013-5614", "CVE-2013-5618"], "description": "[24.2.0-1.0.1.el6_4]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Build with nspr-devel >= 4.10.0 to fix build failure\n[24.2.0-1]\n- Update to 24.2.0 ESR\n[24.1.0-4]\n- Fixed mozbz#938730 - avoid mix of memory allocators (crashes)\n when using system sqlite\n[24.1.0-3]\n- Fixed locale pickup (rhbz#1034541)\n[24.1.0-2]\n- Fixed package reinstall issue\n[24.1.0-1]\n- Update to 24.1.0 ESR\n[24.0-0.1]\n- Update to 24.0 ESR", "edition": 4, "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "ELSA-2013-1812", "href": 
"http://linux.oracle.com/errata/ELSA-2013-1812.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-22T17:09:11", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-6671", "CVE-2013-5614", "CVE-2013-5618"], "description": "[24.2.0-1.0.1.el6_5]\r\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\r\n- Make sure build with nspr-devel >= 4.10.0\r\n \n[24.2.0-1]\r\n- Update to 24.2.0 ESR\r\n \n[24.1.0-1]\r\n- Update to 24.1.0 ESR", "edition": 5, "modified": "2013-12-11T00:00:00", "published": "2013-12-11T00:00:00", "id": "ELSA-2013-1823", "href": "http://linux.oracle.com/errata/ELSA-2013-1823.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:28:07", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-5609", "CVE-2013-6671", "CVE-2013-5614", "CVE-2013-0772", "CVE-2013-5618"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1812\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to terminate\nunexpectedly or, potentially, execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618,\nCVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Firefox rendered web content with missing\ncharacter encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross-site scripting (XSS)\nattacks. 
(CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2013-5614)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.2.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032105.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032111.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1812.html", "edition": 7, "modified": "2013-12-13T00:08:28", "published": "2013-12-11T11:44:39", "href": "http://lists.centos.org/pipermail/centos-announce/2013-December/032105.html", "id": "CESA-2013:1812", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5612", "CVE-2013-5616", "CVE-2013-5613", "CVE-2013-6674", "CVE-2013-5609", "CVE-2013-6671", "CVE-2013-5614", "CVE-2013-0772", "CVE-2013-5618"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1823\n\n\nMozilla Thunderbird is a standalone mail and 
newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Thunderbird rendered web content with missing\ncharacter encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross-site scripting (XSS)\nattacks. (CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2013-5614)\n\nNote: None of the above issues can be exploited by a specially crafted\nHTML mail message, because JavaScript is disabled by default for mail messages.\nThey could be exploited in other ways in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.2.0 ESR. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.2.0 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032106.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032110.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1823.html", "edition": 5, "modified": "2013-12-13T00:07:12", "published": "2013-12-11T23:13:52", "href": "http://lists.centos.org/pipermail/centos-announce/2013-December/032106.html", "id": "CESA-2013:1823", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:30:58", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0772", "CVE-2013-5609", "CVE-2013-5612", "CVE-2013-5613", "CVE-2013-5614", "CVE-2013-5616", "CVE-2013-5618", "CVE-2013-6671"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to terminate\nunexpectedly or, potentially, execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618,\nCVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Firefox rendered web content with missing\ncharacter encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross-site scripting (XSS)\nattacks. 
(CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2013-5614)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.2.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:37", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1812", "href": "https://access.redhat.com/errata/RHSA-2013:1812", "type": "redhat", "title": "(RHSA-2013:1812) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0772", "CVE-2013-5609", "CVE-2013-5612", "CVE-2013-5613", "CVE-2013-5614", "CVE-2013-5616", "CVE-2013-5618", "CVE-2013-6671", "CVE-2013-6674"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)\n\nA flaw was found in the way Thunderbird rendered web content with missing\ncharacter 
encoding information. An attacker could use this flaw to possibly\nbypass same-origin inheritance and perform cross-site scripting (XSS)\nattacks. (CVE-2013-5612)\n\nIt was found that certain malicious web content could bypass restrictions\napplied by sandboxed iframes. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2013-5614)\n\nNote: None of the above issues can be exploited by a specially crafted\nHTML mail message, because JavaScript is disabled by default for mail messages.\nThey could be exploited in other ways in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian\nHoller, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson\nSmith, and Atte Kettunen as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.2.0 ESR. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.2.0 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:20", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1823", "href": "https://access.redhat.com/errata/RHSA-2013:1823", "type": "redhat", "title": "(RHSA-2013:1823) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:52:49", "description": "Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.\nPer: http://www.mozilla.org/security/announce/2013/mfsa2013-112.html\n\n\"Windows and OS X systems are not affected by this issue. 
\"", "edition": 6, "cvss3": {}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-6672", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6672"], "modified": "2020-08-21T18:40:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:opensuse:opensuse:12.3", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2013-6672", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6672", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-5610", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5610"], "modified": "2020-08-21T18:43:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:opensuse:opensuse:12.3", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2013-5610", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5610", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", 
"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:49", "description": "Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-6673", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", 
"integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6673"], "modified": "2020-08-12T14:49:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2013-6673", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6673", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:49", "description": "The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey 
before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-6671", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6671"], "modified": "2020-08-12T14:39:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:fedoraproject:fedora:18", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_eus:6.5", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:redhat:enterprise_linux_server_eus:6.5", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:suse:suse_linux_enterprise_desktop:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:canonical:ubuntu_linux:13.04", 
"cpe:/o:opensuse:opensuse:12.2", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.5", "cpe:/o:suse:suse_linux_enterprise_server:11", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2013-6671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6671", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:-:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "Mozilla Firefox before 26.0 and SeaMonkey before 2.23 
do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.", "edition": 6, "cvss3": {}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-5614", "type": "cve", "cwe": ["CWE-1021"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5614"], "modified": "2020-08-21T18:41:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_eus:6.5", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:redhat:enterprise_linux_server_eus:6.5", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.5", "cpe:/o:opensuse:opensuse:12.3", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2013-5614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5614", "cvss": {"score": 4.3, 
"vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-5615", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5615"], "modified": "2020-08-12T14:49:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:suse:suse_linux_enterprise_desktop:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:suse:suse_linux_enterprise_server:11", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2013-5615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5615", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", 
"cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.\nCWE-416: Use After Free", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-5613", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5613"], "modified": "2020-08-12T14:45:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:fedoraproject:fedora:18", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_eus:6.5", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:redhat:enterprise_linux_server_eus:6.5", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:suse:suse_linux_enterprise_desktop:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.5", "cpe:/o:suse:suse_linux_enterprise_server:11", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2013-5613", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5613", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-5609", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5609"], "modified": "2020-08-12T14:42:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:fedoraproject:fedora:18", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_eus:6.5", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:redhat:enterprise_linux_server_eus:6.5", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:suse:suse_linux_enterprise_desktop:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.5", "cpe:/o:suse:suse_linux_enterprise_server:11", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2013-5609", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5609", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.", "edition": 6, "cvss3": {}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-5612", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2013-5612"], "modified": "2020-08-21T18:42:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_eus:6.5", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:redhat:enterprise_linux_server_eus:6.5", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.5", "cpe:/o:opensuse:opensuse:12.3", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2013-5612", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5612", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.", "edition": 6, "cvss3": {}, "published": "2013-12-11T15:55:00", "title": "CVE-2013-5619", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5619"], "modified": "2020-08-21T18:41:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:suse:linux_enterprise_software_development_kit:11", 
"cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2013-5619", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5619", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*"]}], "mozilla": [{"lastseen": "2016-09-05T13:37:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-5609", "CVE-2013-5610"], "description": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "edition": 1, "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-104", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-104/", "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-6672"], "description": "Mozilla community member Vincent Lefevre reported that on\nLinux systems, web content can access data saved to the clipboard when a user\nattempts to paste a selection with a middle-click instead of pasting the\nselection content. This allows for possibly private data in the clipboard to be\ninadvertently disclosed to web content. 
Windows and OS X systems are not\naffected by this issue.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "edition": 1, "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-112", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-112/", "type": "mozilla", "title": "Linux clipboard information disclosure though selection paste", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:45", "bulletinFamily": "software", "cvelist": ["CVE-2013-6673"], "edition": 1, "description": "Firefox user Sijie Xia reported that if a user\nexplicitly removes the trust for extended validation (EV) capable root\ncertificates in the certificate manager, the change is not properly used when\nvalidating EV certificates, causing the setting to be ignored. This removes the\nability of users to explicitly untrust root certificates from specific\ncertificate authorities.\n\nThis flaw does not affect certificates that are not extended\nvalidation certificates. 
All other certificate validation checks do occur, the\nerror is the assumption that if Mozilla trusted the certificate, the user would\nalso.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-113", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-113/", "type": "mozilla", "title": "Trust settings for built-in roots ignored during EV certificate validation", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:40", "bulletinFamily": "software", "cvelist": ["CVE-2013-6671"], "edition": 1, "description": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a mechanism where\ninserting an ordered list into a document through script could lead to a\npotentially exploitable crash that can be triggered by web content. \n\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-111", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-111/", "type": "mozilla", "title": "Segmentation violation when replacing ordered list elements", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:44", "bulletinFamily": "software", "cvelist": ["CVE-2013-5619"], "edition": 1, "description": "Compiler Engineer Dan Gohman of Google reported that binary\nsearch algorithms in the SpiderMonkey JavaScript engine were prone to overflow\nin several places, leading to potential out-of-bounds array access. 
While none\nof these are known to be directly exploitable, they are unsafe in theory and\nhave been changed as part of general security improvements. \n\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-110", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-110/", "type": "mozilla", "title": "Potential overflow in JavaScript binary search algorithms", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-5618"], "description": "Security researcher Nils used the Address Sanitizer tool\nwhile fuzzing to discover a use-after-free problem in the table editing user\ninterface of the editor during garbage collection. This leads to a potentially\nexploitable crash.", "edition": 1, "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-109", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-109/", "type": "mozilla", "title": "Use-after-free during Table Editing", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:44", "bulletinFamily": "software", "cvelist": ["CVE-2013-5614"], "edition": 1, "description": "Mozilla security developer Daniel Veditz discovered that\n<iframe sandbox> restrictions are not applied to an\n<object> element contained within a sandboxed iframe. 
This\ncould allow content hosted within a sandboxed iframe to use\n<object> element to bypass the sandbox restrictions that\nshould be applied.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-107", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-107/", "type": "mozilla", "title": "Sandbox restrictions not applied to nested object elements", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:46", "bulletinFamily": "software", "cvelist": ["CVE-2013-5613"], "edition": 1, "description": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a use-after-free in\nthe functions for synthetic mouse movement handling. Security researcher\nAtte Kettunen from OUSPG also reported a variant of the same\nflaw. This issue leads to a potentially exploitable crash.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-114", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-114/", "type": "mozilla", "title": "Use-after-free in synthetic mouse movement", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:45", "bulletinFamily": "software", "cvelist": ["CVE-2013-5615"], "edition": 1, "description": "Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. 
This could lead to unpredictable behavior with a potential security impact.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-115", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-115/", "type": "mozilla", "title": "GetElementIC typed array stubs can be generated outside observed typesets", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-5612"], "edition": 1, "description": "Security researcher Masato Kinugawa discovered that if a web\npage is missing character set encoding information it can inherit character\nencodings across navigations into another domain from an earlier site. Only\nsame-origin inheritance is allowed according to the HTML5 specification. This\nissue allows an attacker to add content that will be interpreted one way on the\nvictim site, but which may then behave differently, evading cross-site scripting\n(XSS) filtering, when forced into an unexpected character set. 
Web site authors\nshould always explicitly declare a character encoding to avoid similar issues.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "MFSA2013-106", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-106/", "type": "mozilla", "title": "Character encoding cross-origin XSS attack", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:38:31", "description": "BUGTRAQ ID: 64213\r\nCVE(CAN) ID: CVE-2013-6673\r\n\r\nMozilla Firefox/SeaMonkey/Thunderbird\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef/\u90ae\u4ef6\u5ba2\u6237\u7aef\u3002\r\n\r\nFirefox 26\u3001Firefox ESR 24.2\u3001Thunderbird 24.2\u3001Seamonkey 2.23\u4e4b\u524d\u7248\u672c\u5728\u8bc1\u4e66\u7ba1\u7406\u5668\u7684\u5b9e\u73b0\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u540e\u53ef\u5bfc\u81f4\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002\r\n0\r\nMozilla Firefox < 26\r\nMozilla Thunderbird < 24.2\r\nMozilla SeaMonkey < 2.23\r\nMozilla Firefox ESR < 24.2\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/security/\r\nhttps://www.mozilla.org/security/announce/2013/mfsa2013-113.html", "published": "2013-12-12T00:00:00", "type": "seebug", "title": "Mozilla Firefox/ Thunderbird/SeaMonkey\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6673"], "modified": "2013-12-12T00:00:00", "href": 
"https://www.seebug.org/vuldb/ssvid-61091", "id": "SSV:61091", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:38:29", "description": "CVE(CAN) ID: CVE-2013-5610\r\n\r\nMozilla Firefox/SeaMonkey/Thunderbird\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef/\u90ae\u4ef6\u5ba2\u6237\u7aef\u3002\r\n\r\nMozilla Firefox/SeaMonkey/Thunderbird\u6240\u4f7f\u7528\u7684\u6d4f\u89c8\u5668\u5f15\u64ce\u5b58\u5728\u672a\u660e\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nMozilla Firefox < 26\r\nMozilla Thunderbird < 24.2\r\nMozilla SeaMonkey < 2.23\r\nMozilla Firefox ESR < 24.2\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/security/\r\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-104.html", "published": "2013-12-12T00:00:00", "type": "seebug", "title": "Mozilla Firefox/Thunderbird/SeaMonkey\u672a\u660e\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-5610"], "modified": "2013-12-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61094", "id": "SSV:61094", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:38:26", "description": "BUGTRAQ ID: 64212\r\nCVE(CAN) ID: CVE-2013-6671\r\n\r\nMozilla 
Firefox/SeaMonkey/Thunderbird\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef/\u90ae\u4ef6\u5ba2\u6237\u7aef\u3002\r\n\r\nFirefox 26\u3001Firefox ESR 24.2\u3001Thunderbird 24.2\u3001Seamonkey 2.23\u4e4b\u524d\u7248\u672c\u5728libxul.so!nsGfxScrollFrameInner::IsLTR() \u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u6bb5\u9519\u8bef\uff0c\u6210\u529f\u5229\u7528\u540e\u53ef\u4f7f\u653b\u51fb\u8005\u9020\u6210\u53d7\u5f71\u54cd\u5e94\u7528\u5d29\u6e83\u3002\r\n0\r\nMozilla Firefox < 26\r\nMozilla Thunderbird < 24.2\r\nMozilla SeaMonkey < 2.23\r\nMozilla Firefox ESR < 24.2\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/security/\r\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-111.html", "published": "2013-12-12T00:00:00", "type": "seebug", "title": "Mozilla Firefox/Thunderbird/SeaMonkey\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6671"], "modified": "2013-12-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61090", "id": "SSV:61090", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:38:27", "description": "BUGTRAQ ID: 64211\r\nCVE(CAN) ID: CVE-2013-5618\r\n\r\nMozilla Firefox/SeaMonkey/Thunderbird\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef/\u90ae\u4ef6\u5ba2\u6237\u7aef\u3002\r\n\r\nFirefox 26\u3001Firefox ESR 24.2\u3001Thunderbird 24.2\u3001Seamonkey 
2.23\u4e4b\u524d\u7248\u672c\u5728\u7f16\u8f91\u5668\u8868\u683c\u7f16\u8f91\u7528\u6237\u63a5\u53e3\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u91ca\u653e\u540e\u91cd\u5229\u7528\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u540e\u53ef\u4f7f\u653b\u51fb\u8005\u9020\u6210\u53d7\u5f71\u54cd\u5e94\u7528\u5d29\u6e83\u3002\r\n0\r\nMozilla Firefox < 26\r\nMozilla Thunderbird < 24.2\r\nMozilla SeaMonkey < 2.23\r\nMozilla Firefox ESR < 24.2\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/security/\r\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-109.html", "published": "2013-12-12T00:00:00", "type": "seebug", "title": "Mozilla Firefox/Thunderbird/SeaMonkey\u91ca\u653e\u540e\u91cd\u5229\u7528\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-5618"], "modified": "2013-12-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61089", "id": "SSV:61089", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:38:28", "description": "CVE(CAN) ID: CVE-2013-5612\r\n\r\nMozilla Firefox/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002\r\n\r\nMozilla Firefox/SeaMonkey\u5904\u7406\u76f8\u5173\u5b57\u7b26\u96c6\u7f16\u7801\u4fe1\u606f\u7ee7\u627f\u5b58\u5728\u4e00\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4f9b\u7f3a\u5c11\u5b57\u7b26\u96c6\u53c2\u6570\u7684Content-Type HTTP\u5934\u5b57\u6bb5\uff0c\u7ed5\u8fc7\u8de8\u7ad9\u811a\u672c\u8fc7\u6ee4\u6ce8\u5165\u4efb\u610fWEB\u811a\u672c\u6216HTML\u3002\n0\nMozilla Firefox < 26\r\nMozilla SeaMonkey < 
2.23\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/security/\r\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-106.html", "published": "2013-12-12T00:00:00", "type": "seebug", "title": "Mozilla Firefox/SeaMonkey\u8de8\u57dfXSS\u653b\u51fb\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-5612"], "modified": "2013-12-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61092", "id": "SSV:61092", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", 
"CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. 
\n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "modified": "2015-04-08T00:00:00", "published": "2015-04-07T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "type": "gentoo", 
"title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}