{"id": "OPENVAS:1361412562310805513", "bulletinFamily": "scanner", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "published": "2015-03-27T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "http://www.mozilla.com/en-US/seamonkey", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "type": "openvas", "lastseen": "2018-10-22T16:39:19", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "f5a60443b3248a82098e20b034bdadbac77ef421f5f0250b41c0131012542eed", "hashmap": [{"hash": "0ed3708ae6e6fd21964b11319b8b26d1", "key": "cvelist"}, {"hash": "398ea4ea706db579b812f88ff355eb96", "key": "published"}, {"hash": "e4d338cc9e254d62b252e6d895233a18", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8a43622064c682f018053a5f469051ef", "key": "href"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "f7e11b795b6d3fd1d3a23769e66233e8", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "483242fc3231729981ae7d585b543f53", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0a0a51d2b6c1534ed609ef84334987e6", "key": "description"}, {"hash": "0d8fc67a430144bb0ae55d6d8831a37e", "key": "references"}, {"hash": "a9069448ea3b6467fdc33d0498b565f3", "key": "modified"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "id": "OPENVAS:1361412562310805513", "lastseen": "2018-09-20T16:08:57", "modified": "2018-09-18T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310805513", "published": "2015-03-27T00:00:00", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 11452 2018-09-18 11:24:16Z mmartin $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 11452 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-18 13:24:16 +0200 (Tue, 18 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "type": "openvas", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-20T16:08:57"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "20cac744754967507ed559732d40eb431c406d3243f3baaf832fbb8c7af7a1b4", "hashmap": [{"hash": "7f86b488cde79959076c92cafc9748f6", "key": "modified"}, {"hash": "0ed3708ae6e6fd21964b11319b8b26d1", "key": "cvelist"}, {"hash": "398ea4ea706db579b812f88ff355eb96", "key": "published"}, {"hash": "e4d338cc9e254d62b252e6d895233a18", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "528b92677f07ea05f378be6e936b3cf2", "key": "sourceData"}, {"hash": "8a43622064c682f018053a5f469051ef", "key": "href"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "f7e11b795b6d3fd1d3a23769e66233e8", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0a0a51d2b6c1534ed609ef84334987e6", "key": "description"}, {"hash": "0d8fc67a430144bb0ae55d6d8831a37e", "key": "references"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "id": "OPENVAS:1361412562310805513", "lastseen": "2018-09-11T11:35:45", "modified": "2018-09-10T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310805513", "published": "2015-03-27T00:00:00", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 11296 2018-09-10 09:08:51Z mmartin $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 11296 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-10 11:08:51 +0200 (Mon, 10 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\n\n Impact Level: System/Application\");\n\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-11T11:35:45"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "f02d741b06290d02f1c6359cc0518f62970c3049029905e7ed7d5fb614d4f3c5", "hashmap": [{"hash": "0ed3708ae6e6fd21964b11319b8b26d1", "key": "cvelist"}, {"hash": "398ea4ea706db579b812f88ff355eb96", "key": "published"}, {"hash": "e4d338cc9e254d62b252e6d895233a18", "key": "pluginID"}, {"hash": "54c80a447982dbedec92463c7532b29f", "key": "modified"}, {"hash": "8a43622064c682f018053a5f469051ef", "key": "href"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "f7e11b795b6d3fd1d3a23769e66233e8", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0a0a51d2b6c1534ed609ef84334987e6", "key": "description"}, {"hash": "0d8fc67a430144bb0ae55d6d8831a37e", "key": "references"}, {"hash": "5d5772885e099f458637d86bb692a9ba", "key": "sourceData"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "id": "OPENVAS:1361412562310805513", "lastseen": "2018-08-30T19:22:34", "modified": "2017-06-13T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310805513", "published": "2015-03-27T00:00:00", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 6329 2017-06-13 15:39:42Z teissa $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 6329 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-13 17:39:42 +0200 (Tue, 13 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws are due to,\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsmVer = \"\";\n\n## Get version\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:22:34"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "35da17b8bb04c83e72dc4ad07a8d3b296204fe85887ed1c5b3d8e64bfd087008", "hashmap": [{"hash": "0ed3708ae6e6fd21964b11319b8b26d1", "key": "cvelist"}, {"hash": "398ea4ea706db579b812f88ff355eb96", "key": "published"}, {"hash": "e4d338cc9e254d62b252e6d895233a18", "key": "pluginID"}, {"hash": "54c80a447982dbedec92463c7532b29f", "key": "modified"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8a43622064c682f018053a5f469051ef", "key": "href"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "f7e11b795b6d3fd1d3a23769e66233e8", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0a0a51d2b6c1534ed609ef84334987e6", "key": "description"}, {"hash": "0d8fc67a430144bb0ae55d6d8831a37e", "key": "references"}, {"hash": "5d5772885e099f458637d86bb692a9ba", "key": "sourceData"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "id": "OPENVAS:1361412562310805513", "lastseen": "2017-07-02T21:11:38", "modified": "2017-06-13T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310805513", "published": "2015-03-27T00:00:00", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 6329 2017-06-13 15:39:42Z teissa $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 6329 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-13 17:39:42 +0200 (Tue, 13 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws are due to,\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsmVer = \"\";\n\n## Get version\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2017-07-02T21:11:38"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "35da17b8bb04c83e72dc4ad07a8d3b296204fe85887ed1c5b3d8e64bfd087008", "hashmap": [{"hash": "0ed3708ae6e6fd21964b11319b8b26d1", "key": "cvelist"}, {"hash": "398ea4ea706db579b812f88ff355eb96", "key": "published"}, {"hash": "e4d338cc9e254d62b252e6d895233a18", "key": "pluginID"}, {"hash": "54c80a447982dbedec92463c7532b29f", "key": "modified"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "8a43622064c682f018053a5f469051ef", "key": "href"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "f7e11b795b6d3fd1d3a23769e66233e8", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0a0a51d2b6c1534ed609ef84334987e6", "key": "description"}, {"hash": "0d8fc67a430144bb0ae55d6d8831a37e", "key": "references"}, {"hash": "5d5772885e099f458637d86bb692a9ba", "key": "sourceData"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "id": "OPENVAS:1361412562310805513", "lastseen": "2018-09-01T23:51:23", "modified": "2017-06-13T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310805513", "published": "2015-03-27T00:00:00", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 6329 2017-06-13 15:39:42Z teissa $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 6329 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-13 17:39:42 +0200 (Tue, 13 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws are due to,\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsmVer = \"\";\n\n## Get version\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-01T23:51:23"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "0ed3708ae6e6fd21964b11319b8b26d1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "0a0a51d2b6c1534ed609ef84334987e6"}, {"key": "href", "hash": "8a43622064c682f018053a5f469051ef"}, {"key": "modified", "hash": "8be90a922e3fddc17514b9fd17f39e9b"}, {"key": "naslFamily", "hash": "0db377921f4ce762c62526131097968f"}, {"key": "pluginID", "hash": "e4d338cc9e254d62b252e6d895233a18"}, {"key": "published", "hash": "398ea4ea706db579b812f88ff355eb96"}, {"key": "references", "hash": "f013c0dc5effacb8e84ef2bcab46394f"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "b0547c23642735f0b3cc35adae02dbb4"}, {"key": "title", "hash": "f7e11b795b6d3fd1d3a23769e66233e8"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "4ca122ed868d9855e8aae051d8009de6177cd03c00cba88e500d8ac7ab5c31f1", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.33.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "naslFamily": "General", "pluginID": "1361412562310805513"}

{"cve": [{"lastseen": "2017-04-18T15:55:59", "references": ["http://www.ubuntu.com/usn/USN-2538-1", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "http://www.mozilla.org/security/announce/2015/mfsa2015-28.html", "http://www.securitytracker.com/id/1031959", "http://rhn.redhat.com/errata/RHSA-2015-0718.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=1144988", "http://www.debian.org/security/2015/dsa-3201", "http://www.securityfocus.com/bid/73265", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html"], "edition": 2, "description": "Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.", "reporter": "NVD", "published": "2015-03-23T20:59:07", "title": "CVE-2015-0818", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0818"], "scanner": [], "modified": "2016-12-21T21:59:27", "cpe": ["cpe:/a:mozilla:firefox_esr:31.3.0", "cpe:/a:mozilla:firefox_esr:31.1", "cpe:/a:mozilla:firefox_esr:31.5", "cpe:/a:mozilla:seamonkey:2.33.0", "cpe:/a:mozilla:firefox_esr:31.5.2", "cpe:/a:mozilla:firefox_esr:31.1.1", "cpe:/a:mozilla:firefox_esr:31.3", "cpe:/a:mozilla:firefox_esr:31.4", "cpe:/a:mozilla:firefox:36.0.3", "cpe:/a:mozilla:firefox_esr:31.0", "cpe:/a:mozilla:firefox_esr:31.2", "cpe:/a:mozilla:firefox_esr:31.5.1", "cpe:/a:mozilla:firefox_esr:31.1.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0818", "id": "CVE-2015-0818", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:59", "references": ["http://www.ubuntu.com/usn/USN-2538-1", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "http://rhn.redhat.com/errata/RHSA-2015-0718.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=1145255", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html", "http://www.securityfocus.com/bid/73263", "http://www.debian.org/security/2015/dsa-3201", "http://www.securitytracker.com/id/1031958", "http://www.mozilla.org/security/announce/2015/mfsa2015-29.html", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html"], "edition": 2, "description": "The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.", "reporter": "NVD", "published": "2015-03-23T20:59:05", "title": "CVE-2015-0817", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0817"], "scanner": [], "modified": "2017-01-02T21:59:43", "cpe": ["cpe:/a:mozilla:firefox_esr:31.3.0", "cpe:/a:mozilla:firefox_esr:31.1", "cpe:/a:mozilla:firefox_esr:31.5", "cpe:/a:mozilla:seamonkey:2.33.0", "cpe:/a:mozilla:firefox_esr:31.1.1", "cpe:/a:mozilla:firefox_esr:31.3", "cpe:/a:mozilla:firefox_esr:31.4", "cpe:/a:mozilla:firefox_esr:31.0", "cpe:/a:mozilla:firefox_esr:31.2", "cpe:/a:mozilla:firefox_esr:31.5.1", "cpe:/a:mozilla:firefox:36.0.1", "cpe:/a:mozilla:firefox_esr:31.1.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0817", "id": "CVE-2015-0817", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-04-10T05:09:01", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0718.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "31.5.3-3.el7.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "31.5.3-3.el7.centos", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "31.5.3-3.el7.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7.centos.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0718\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021044.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0718.html", "edition": 5, "reporter": "CentOS Project", "published": "2015-04-01T04:07:06", "title": "firefox security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-04-01T04:07:06", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021044.html", "id": "CESA-2015:0718", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:39:21", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "pluginID": "82042", "description": "The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to just-in-time compilation for JavaScript. A remote attacker, using a specially crafted web page, can exploit this to execute arbitrary code by reading and writing to memory. (CVE-2015-0817)\n\n - A privilege escalation vulnerability exists due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. (CVE-2015-0818)", "edition": 5, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "SeaMonkey < 2.33.1 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_2_33_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82042);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_bugtraq_id(73263, 73265);\n\n script_name(english:\"SeaMonkey < 2.33.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of SeaMonkey.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla SeaMonkey installed on the remote host is prior\nto 2.33.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists due to an\n out-of-bounds error in typed array bounds checking\n within 'asmjs/AsmJSValidate.cpp', which relates to\n just-in-time compilation for JavaScript. A remote\n attacker, using a specially crafted web page, can\n exploit this to execute arbitrary code by reading and\n writing to memory. (CVE-2015-0817)\n\n - A privilege escalation vulnerability exists due to a\n flaw within 'docshell/base/nsDocShell.cpp', which\n relates to SVG format content navigation. A remote\n attacker can exploit this to bypass same-origin policy\n protections, allowing a possible execution of arbitrary\n scripts in a privileged context. (CVE-2015-0818)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.33.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.33.1', severity:SECURITY_HOLE, xss:FALSE, xsrf:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:47:03", "references": ["https://access.redhat.com/errata/RHSA-2015:0718", "https://access.redhat.com/security/cve/cve-2015-0817", "http://www.nessus.org/u?8b5eaff4", "https://access.redhat.com/security/cve/cve-2015-0818"], "pluginID": "82067", "description": "Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "edition": 8, "reporter": "Tenable", "published": "2015-03-25T00:00:00", "title": "RHEL 5 / 7 : firefox (RHSA-2015:0718)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2015-0718.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0718. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82067);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_xref(name:\"RHSA\", value:\"2015:0718\");\n\n script_name(english:\"RHEL 5 / 7 : firefox (RHSA-2015:0718)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.3 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0818\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0718\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-31.5.3-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-31.5.3-1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-31.5.3-3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-31.5.3-3.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:33", "references": ["http://www.nessus.org/u?522d76ad"], "pluginID": "82264", "description": "Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2015-03-26T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-04-05T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150324_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82264", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82264);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/05 04:38:20 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=1780\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?522d76ad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-31.5.3-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-31.5.3-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-31.5.3-1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-31.5.3-1.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-31.5.3-3.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-31.5.3-3.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:14", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=923534", "http://www.mozilla.org/security/announce/2015/mfsa2015-28.html", "http://support.novell.com/security/cve/CVE-2015-0818.html", "http://support.novell.com/security/cve/CVE-2015-0817.html", "http://www.mozilla.org/security/announce/2015/mfsa2015-29.html"], "pluginID": "82068", "description": "Mozilla Firefox was updated to the 31.5.3ESR release to fix two security vulnerabilities :\n\n - Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system. (MFSA 2015-29 / CVE-2015-0817)\n\n - Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. (MFSA 2015-28 / CVE-2015-0818)", "edition": 4, "reporter": "Tenable", "published": "2015-03-25T00:00:00", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-04-05T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox"], "id": "SUSE_11_FIREFOX-20150323-150324.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82068", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82068);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/05 04:38:20 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n\n script_name(english:\"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 31.5.3ESR release to fix two\nsecurity vulnerabilities :\n\n - Security researcher ilxu1a reported, through HP Zero Day\n Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in\n JavaScript just-in-time compilation (JIT) and its\n management of bounds checking for heap access. This flaw\n can be leveraged into the reading and writing of memory\n allowing for arbitary code execution on the local\n system. (MFSA 2015-29 / CVE-2015-0817)\n\n - Security researcher Mariusz Mlynski reported, through HP\n Zero Day Initiative's Pwn2Own contest, a method to run\n arbitrary scripts in a privileged context. This bypassed\n the same-origin policy protections by using a flaw in\n the processing of SVG format content navigation. (MFSA\n 2015-28 / CVE-2015-0818)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2015/mfsa2015-28.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2015/mfsa2015-29.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=923534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0818.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10524.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-translations-31.5.3esr-0.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:20", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-March/004929.html", "https://oss.oracle.com/pipermail/el-errata/2015-March/004932.html", "https://oss.oracle.com/pipermail/el-errata/2015-March/004930.html"], "pluginID": "82065", "description": "From Red Hat Security Advisory 2015:0718 :\n\nUpdated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2015-03-25T00:00:00", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0718)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-12-04T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-0718.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0718 and \n# Oracle Linux Security Advisory ELSA-2015-0718 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82065);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/12/04 14:37:59 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_xref(name:\"RHSA\", value:\"2015:0718\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0718)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0718 :\n\nUpdated firefox packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.3 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004929.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004930.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004932.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-31.5.3-1.0.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-31.5.3-1.0.1.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-31.5.3-3.0.1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:09", "references": [], "pluginID": "82022", "description": "A flaw was discovered in the implementation of typed array bounds checking in the JavaScript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2538-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2016-05-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2538-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2538-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82022);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/05/24 17:37:08 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_bugtraq_id(73263, 73265);\n script_xref(name:\"USN\", value:\"2538-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2538-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the implementation of typed array bounds\nchecking in the JavaScript just-in-time compilation. If a user were\ntricked in to opening a specially crafted website, an attacked could\nexploit this to execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format\ncontent navigation. If a user were tricked in to opening a specially\ncrafted website, an attacker could exploit this to run arbitrary\nscript in a privileged context. (CVE-2015-0818).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"36.0.4+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"36.0.4+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"firefox\", pkgver:\"36.0.4+build1-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:23", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=923534"], "pluginID": "82463", "description": "SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\nThe following vulnerabilities were fixed :\n\n - Privilege escalation through SVG navigation (CVE-2015-0818)\n\n - Code execution through incorrect JavaScript bounds checking elimination (CVE-2015-0817)", "edition": 4, "reporter": "Tenable", "published": "2015-03-31T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-2015-279)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-04-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-279.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-279.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82463);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/05 04:38:20 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-2015-279)\");\n script_summary(english:\"Check for the openSUSE-2015-279 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\nThe following vulnerabilities were fixed :\n\n - Privilege escalation through SVG navigation\n (CVE-2015-0818)\n\n - Code execution through incorrect JavaScript bounds\n checking elimination (CVE-2015-0817)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=923534\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-2.33.1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debuginfo-2.33.1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debugsource-2.33.1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-dom-inspector-2.33.1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-irc-2.33.1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-common-2.33.1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-other-2.33.1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-2.33.1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-debuginfo-2.33.1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-debugsource-2.33.1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-dom-inspector-2.33.1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-irc-2.33.1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-translations-common-2.33.1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-translations-other-2.33.1-17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:44:24", "references": ["https://www.debian.org/security/2015/dsa-3201", "https://security-tracker.debian.org/tracker/CVE-2015-0817", "https://packages.debian.org/source/wheezy/iceweasel", "https://security-tracker.debian.org/tracker/CVE-2015-0818"], "pluginID": "81999", "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2015-0817 ilxu1a reported a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system.\n\n - CVE-2015-0818 Mariusz Mlynski discovered a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.", "edition": 5, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "Debian DSA-3201-1 : iceweasel - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3201. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81999);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_bugtraq_id(73263, 73265);\n script_xref(name:\"DSA\", value:\"3201\");\n\n script_name(english:\"Debian DSA-3201-1 : iceweasel - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2015-0817\n ilxu1a reported a flaw in Mozilla's implementation of\n typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking\n for heap access. This flaw can be leveraged into the\n reading and writing of memory allowing for arbitary code\n execution on the local system.\n\n - CVE-2015-0818\n Mariusz Mlynski discovered a method to run arbitrary\n scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the\n processing of SVG format content navigation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3201\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 31.5.3esr-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"31.5.3esr-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T17:11:33", "references": ["https://www.mozilla.org/security/advisories/mfsa2015-29/", "https://www.mozilla.org/security/advisories/mfsa2015-28/", "https://www.mozilla.org/security/advisories/", "http://www.nessus.org/u?612a12b1"], "pluginID": "82002", "description": "The Mozilla Project reports :\n\nMFSA-2015-28 Privilege escalation through SVG navigation\n\nMFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination", "edition": 5, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (76ff65f4-17ca-4d3f-864a-a3d6026194fb)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:firefox-esr"], "id": "FREEBSD_PKG_76FF65F417CA4D3F864AA3D6026194FB.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82002", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82002);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (76ff65f4-17ca-4d3f-864a-a3d6026194fb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA-2015-28 Privilege escalation through SVG navigation\n\nMFSA-2015-29 Code execution through incorrect JavaScript bounds\nchecking elimination\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/security/advisories/mfsa2015-28/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/security/advisories/mfsa2015-29/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/security/advisories/\"\n );\n # https://vuxml.freebsd.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612a12b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<36.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<31.5.3,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<36.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.33.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.33.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<31.5.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-11T13:03:35", "references": ["http://www.nessus.org/u?b5b01178", "http://www.nessus.org/u?8cd90531", "http://www.nessus.org/u?384039dc", "http://www.nessus.org/u?047828af"], "pluginID": "82083", "description": "Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "edition": 6, "reporter": "Tenable", "published": "2015-03-26T00:00:00", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2015:0718)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-0718.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0718 and \n# CentOS Errata and Security Advisory 2015:0718 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82083);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_xref(name:\"RHSA\", value:\"2015:0718\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2015:0718)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.3 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021044.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?047828af\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-March/020994.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cd90531\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-March/020996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?384039dc\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001860.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5b01178\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-31.5.3-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-31.5.3-1.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-31.5.3-3.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:50:43", "references": ["2015:0718", "http://lists.centos.org/pipermail/centos-announce/2015-March/020994.html"], "pluginID": "1361412562310882133", "description": "Check the version of firefox", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-26T00:00:00", "title": "CentOS Update for firefox CESA-2015:0718 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2015:0718 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882133\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-26 05:47:22 +0100 (Thu, 26 Mar 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2015:0718 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\");\n script_tag(name: \"affected\", value: \"firefox on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0718\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-March/020994.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:40:05", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "http://www.mozilla.com/en-US/seamonkey", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "pluginID": "1361412562310805512", "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310805512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805512\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 11:46:34 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.33.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.33.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:27", "references": ["http://linux.oracle.com/errata/ELSA-2015-0718.html"], "pluginID": "1361412562310123152", "description": "Oracle Linux Local Security Checks ELSA-2015-0718", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-0718", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123152", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123152", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0718.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123152\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0718\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0718 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0718\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0718.html\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~3.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-12T12:47:07", "references": ["2015:0636_1"], "pluginID": "1361412562310850646", "description": "Check the version of seamonkey", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-01T00:00:00", "title": "SuSE Update for seamonkey openSUSE-SU-2015:0636-1 (seamonkey)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-09T00:00:00", "id": "OPENVAS:1361412562310850646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0636_1.nasl 12294 2018-11-09 15:31:55Z cfischer $\n#\n# SuSE Update for seamonkey openSUSE-SU-2015:0636-1 (seamonkey)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850646\");\n script_version(\"$Revision: 12294 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-09 16:31:55 +0100 (Fri, 09 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-01 07:19:02 +0200 (Wed, 01 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for seamonkey openSUSE-SU-2015:0636-1 (seamonkey)\");\n script_tag(name:\"summary\", value:\"Check the version of seamonkey\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\n The following vulnerabilities were fixed:\n\n * Privilege escalation through SVG navigation (CVE-2015-0818)\n\n * Code execution through incorrect JavaScript bounds checking elimination\n (CVE-2015-0817)\");\n script_tag(name:\"affected\", value:\"seamonkey on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0636_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:01", "references": ["http://www.debian.org/security/2015/dsa-3201.html"], "pluginID": "1361412562310703201", "description": "Multiple security issues have been\nfound in Iceweasel, Debian", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-03-22T00:00:00", "title": "Debian Security Advisory DSA 3201-1 (iceweasel - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703201", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3201.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3201-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703201\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_name(\"Debian Security Advisory DSA 3201-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-22 00:00:00 +0100 (Sun, 22 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3201.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"iceweasel on Debian Linux\");\n script_tag(name: \"insight\", value: \"Iceweasel is Firefox, rebranded. It\nis a powerful, extensible web browser with support for modern web application\ntechnologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 31.5.3esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.5.3esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been\nfound in Iceweasel, Debian's version of the Mozilla Firefox web browser. The\nCommon Vulnerabilities and Exposures project identifies the following problems:\n\nCVE-2015-0817 \nilxu1a reported a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its\nmanagement of bounds checking for heap access. This flaw can be\nleveraged into the reading and writing of memory allowing for\narbitrary code execution on the local system.\n\nCVE-2015-0818 \nMariusz Mlynski discovered a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections\nby using a flaw in the processing of SVG format content navigation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:07", "references": ["2015:0718-01", "https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html"], "pluginID": "1361412562310871341", "description": "Check the version of firefox", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-25T00:00:00", "title": "RedHat Update for firefox RHSA-2015:0718-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871341", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2015:0718-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871341\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-25 06:31:49 +0100 (Wed, 25 Mar 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2015:0718-01\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\");\n script_tag(name: \"affected\", value: \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:0718-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:54:01", "references": ["http://www.debian.org/security/2015/dsa-3201.html"], "pluginID": "703201", "description": "Multiple security issues have been\nfound in Iceweasel, Debian", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-03-22T00:00:00", "title": "Debian Security Advisory DSA 3201-1 (iceweasel - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703201", "id": "OPENVAS:703201", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3201.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3201-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703201);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_name(\"Debian Security Advisory DSA 3201-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-22 00:00:00 +0100 (Sun, 22 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3201.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"iceweasel on Debian Linux\");\n script_tag(name: \"insight\", value: \"Iceweasel is Firefox, rebranded. It\nis a powerful, extensible web browser with support for modern web application\ntechnologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 31.5.3esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.5.3esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been\nfound in Iceweasel, Debian's version of the Mozilla Firefox web browser. The\nCommon Vulnerabilities and Exposures project identifies the following problems:\n\nCVE-2015-0817 \nilxu1a reported a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its\nmanagement of bounds checking for heap access. This flaw can be\nleveraged into the reading and writing of memory allowing for\narbitrary code execution on the local system.\n\nCVE-2015-0818 \nMariusz Mlynski discovered a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections\nby using a flaw in the processing of SVG format content navigation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"31.5.3esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-12T12:46:48", "references": ["2015:0593_2"], "pluginID": "1361412562310850971", "description": "Check the version of MozillaFirefox", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for MozillaFirefox SUSE-SU-2015:0593-2 (MozillaFirefox)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-09T00:00:00", "id": "OPENVAS:1361412562310850971", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850971", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0593_2.nasl 12288 2018-11-09 14:02:45Z cfischer $\n#\n# SuSE Update for MozillaFirefox SUSE-SU-2015:0593-2 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850971\");\n script_version(\"$Revision: 12288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-09 15:02:45 +0100 (Fri, 09 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 15:17:54 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox SUSE-SU-2015:0593-2 (MozillaFirefox)\");\n script_tag(name:\"summary\", value:\"Check the version of MozillaFirefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitrary code execution on the local system.\n\n * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0593_2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLES11\\.0SP2|SLES11\\.0SP1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~31.5.3esr~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~31.5.3esr~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"SLES11.0SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~31.5.3esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~31.5.3esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:44", "references": ["2015:0718", "http://lists.centos.org/pipermail/centos-announce/2015-April/021044.html"], "pluginID": "1361412562310882139", "description": "Check the version of firefox", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-01T00:00:00", "title": "CentOS Update for firefox CESA-2015:0718 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2015:0718 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882139\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-01 07:22:17 +0200 (Wed, 01 Apr 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2015:0718 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\");\n script_tag(name: \"affected\", value: \"firefox on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0718\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021044.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~3.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-12T12:45:09", "references": ["2015:0607_1"], "pluginID": "1361412562310850644", "description": "Check the version of MozillaFirefox", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2015:0607-1 (MozillaFirefox)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-09T00:00:00", "id": "OPENVAS:1361412562310850644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850644", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0607_1.nasl 12294 2018-11-09 15:31:55Z cfischer $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2015:0607-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850644\");\n script_version(\"$Revision: 12294 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-09 16:31:55 +0100 (Fri, 09 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 06:46:14 +0100 (Fri, 27 Mar 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2015:0607-1 (MozillaFirefox)\");\n script_tag(name:\"summary\", value:\"Check the version of MozillaFirefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security\n issues found during Pwn2Own:\n\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n Also fixed were the following bugs:\n\n - Copy the icons to /usr/share/icons instead of symlinking them: in\n preparation for containerized apps (e.g. xdg-app) as well as AppStream\n metadata extraction, there are a couple locations that need to be real\n files for system integration (.desktop files, icons, mime-type info).\n\n - update to Firefox 36.0.1 Bugfixes:\n\n * Disable the usage of the ANY DNS query type (bmo#1093983)\n\n * Hello may become inactive until restart (bmo#1137469)\n\n * Print preferences may not be preserved (bmo#1136855)\n\n * Hello contact tabs may not be visible (bmo#1137141)\n\n * Accept hostnames that include an underscore character ('_')\n (bmo#1136616)\n\n * WebGL may use significant memory with Canvas2d (bmo#1137251)\n\n * Option -remote has been restored (bmo#1080319)\");\n script_tag(name:\"affected\", value:\"MozillaFirefox on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0607_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~36.0.4~63.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-07-10T14:43:33", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "31.5.3-3.ael7b_1", "arch": "ppc64le", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.ael7b_1.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "31.5.3-3.ael7b_1", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.ael7b_1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "i386", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ia64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "31.5.3-3.ael7b_1", "arch": "ppc64le", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.ael7b_1.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.x86_64.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.", "reporter": "RedHat", "published": "2015-03-24T13:55:07", "type": "redhat", "title": "(RHSA-2015:0718) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0817", "CVE-2015-0818"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-07-10T18:11:17", "id": "RHSA-2015:0718", "href": "https://access.redhat.com/errata/RHSA-2015:0718", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:57:33", "references": ["https://download.suse.com/patch/finder/?keywords=b6ab105b8070b709479f15ffdade4cf5", "https://download.suse.com/patch/finder/?keywords=d22145407e04e2836b7712bde079dc1b", "https://bugzilla.suse.com/923534", "https://download.suse.com/patch/finder/?keywords=46e1d668433ddb6f934feef219ec5983"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3esr-0.5.2.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "i586", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.5.2.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "s390x", "packageFilename": "MozillaFirefox-31.5.3esr-0.5.2.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.5.2.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}], "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n *\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitrary code execution on the local system.\n\n *\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n Security Issues:\n\n * CVE-2015-0817\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817</a>&gt;\n * CVE-2015-0818\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-28T01:05:57", "title": "Security update for MozillaFirefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-28T01:05:57", "id": "SUSE-SU-2015:0593-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00034.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:18:43", "references": ["https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through\n HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitary code execution on the local system.\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-30T19:04:59", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-30T19:04:59", "id": "SUSE-SU-2015:0630-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:40:21", "references": ["http://download.suse.com/patch/finder/?keywords=c769ca2ba75baf304d03ef988f02dabf", "https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-devel", "arch": "ppc64", "operator": "lt"}], "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n *\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitary code execution on the local system.\n\n *\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n Security Issues:\n\n * CVE-2015-0817\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817</a>&gt;\n * CVE-2015-0818\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-25T04:04:55", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "title": "Security update for Mozilla Firefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-25T04:04:55", "id": "SUSE-SU-2015:0593-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:27:16", "references": ["https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-debugsource-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-2.33.1-53.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-debuginfo-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-debugsource-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-debugsource-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-debugsource-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-debuginfo-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-2.33.1-17.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-debuginfo-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-debuginfo-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}], "description": "SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\n The following vulnerabilities were fixed:\n\n * Privilege escalation through SVG navigation (CVE-2015-0818)\n * Code execution through incorrect JavaScript bounds checking elimination\n (CVE-2015-0817)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-30T23:04:47", "title": "Security update for seamonkey (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-30T23:04:47", "id": "OPENSUSE-SU-2015:0636-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00036.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:18:23", "references": ["https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security\n issues found during Pwn2Own:\n\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n Als fixed were the following bugs:\n - Copy the icons to /usr/share/icons instead of symlinking them: in\n preparation for containerized apps (e.g. xdg-app) as well as AppStream\n metadata extraction, there are a couple locations that need to be real\n files for system integration (.desktop files, icons, mime-type info).\n\n - update to Firefox 36.0.1 Bugfixes:\n * Disable the usage of the ANY DNS query type (bmo#1093983)\n * Hello may become inactive until restart (bmo#1137469)\n * Print preferences may not be preserved (bmo#1136855)\n * Hello contact tabs may not be visible (bmo#1137141)\n * Accept hostnames that include an underscore character (&quot;_&quot;)\n (bmo#1136616)\n * WebGL may use significant memory with Canvas2d (bmo#1137251)\n * Option -remote has been restored (bmo#1080319)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-26T08:04:49", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-26T08:04:49", "id": "OPENSUSE-SU-2015:0607-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00030.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:28:41", "references": ["https://bugzilla.suse.com/917597", "https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}], "description": "Update to Firefox 31.5.3 (bnc#923534)\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n - update to Firefox 31.5.0esr (bnc#917597)\n * MFSA 2015-11/CVE-2015-0836 Miscellaneous memory safety hazards\n * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will\n load locally stored DLL files (Windows only)\n * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB\n * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write\n while rendering SVG content\n * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files\n through manipulation of form autocomplete\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-22T21:04:42", "title": "update to Firefox 31.5.3 (important)", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0818", "CVE-2015-0817", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0833"], "modified": "2015-03-22T21:04:42", "id": "OPENSUSE-SU-2015:0567-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:43", "references": ["https://www.mozilla.org/security/advisories/mfsa2015-29/", "https://www.mozilla.org/security/advisories/mfsa2015-28/", "https://www.mozilla.org/security/advisories/"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "36.0.4,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "36.0.4,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxul", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "31.5.3,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-esr", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA-2015-28 Privilege escalation through SVG navigation\nMFSA-2015-29 Code execution through incorrect JavaScript\n\t bounds checking elimination\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-03-20T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-20T00:00:00", "id": "76FF65F4-17CA-4D3F-864A-A3D6026194FB", "href": "https://vuxml.freebsd.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:21", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "31.5.3-3.0.1.el7_1", "arch": "x86_64", "packageFilename": "firefox-31.5.3-3.0.1.el7_1.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "x86_64", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "31.5.3-3.0.1.el7_1", "arch": "i686", "packageFilename": "firefox-31.5.3-3.0.1.el7_1.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "i386", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "i386", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "x86_64", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "31.5.3-3.0.1.el7_1", "arch": "src", "packageFilename": "firefox-31.5.3-3.0.1.el7_1.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "i686", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "i686", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.src.rpm", "packageName": "firefox", "operator": "lt"}], "description": "[31.5.3-1.0.1.el5_11]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[31.5.3-1]\n- Update to 31.5.3 ESR\n[31.5.2-1]\n- Update to 31.5.2 ESR\n[31.5.1-1]\n- Update to 31.5.1 ESR", "edition": 3, "reporter": "Oracle", "published": "2015-03-24T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-24T00:00:00", "id": "ELSA-2015-0718", "href": "http://linux.oracle.com/errata/ELSA-2015-0718.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:55", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel_31.5.3esr-1~deb7u1_all.deb", "packageName": "iceweasel", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3201-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nMarch 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2015-0817 CVE-2015-0818\n\nMultiple security issues have been found in Iceweasel, Debian&#x27;s version\nof the Mozilla Firefox web browser. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2015-0817\n\n ilxu1a reported a flaw in Mozilla&#x27;s implementation of typed array\n bounds checking in JavaScript just-in-time compilation (JIT) and its\n management of bounds checking for heap access. This flaw can be\n leveraged into the reading and writing of memory allowing for\n arbitary code execution on the local system.\n\nCVE-2015-0818\n\n Mariusz Mlynski discovered a method to run arbitrary scripts in a\n privileged context. This bypassed the same-origin policy protections\n by using a flaw in the processing of SVG format content navigation.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 31.5.3esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.5.3esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-03-22T09:26:34", "title": "[SECURITY] [DSA 3201-1] iceweasel security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:55", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-22T09:26:34", "id": "DEBIAN:DSA-3201-1:4F02B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00086.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:20", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0818", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0817"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "36.0.4+build1-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "36.0.4+build1-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "36.0.4+build1-0ubuntu0.14.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818)", "edition": 3, "reporter": "Ubuntu", "published": "2015-03-22T00:00:00", "title": "Firefox vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-22T00:00:00", "id": "USN-2538-1", "href": "https://usn.ubuntu.com/2538-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "36.0.3-1", "packageName": "firefox", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2015-0817 (arbitrary remote code execution):\n\nSecurity researcher ilxu1a reported, through HP Zero Day Initiative's\nPwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its\nmanagement of bounds checking for heap access. This flaw can be\nleveraged into the reading and writing of memory allowing for arbitary\ncode execution on the local system.\n\n- CVE-2015-0818 (same-origin policy bypass):\n\nSecurity researcher Mariusz Mlynski reported, through HP Zero Day\nInitiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by\nusing a flaw in the processing of SVG format content navigation.", "reporter": "Arch Linux", "published": "2015-03-21T00:00:00", "title": "firefox: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-21T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html", "id": "ASA-201503-21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2018-11-14T14:42:32", "references": [], "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n03/20/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Mozilla products. By exploiting this vulnerability malicious users execute arbitrary code or gain privileges. This vulnerability can be exploited remotely via a SVG navigation or vectors related to Java-Script JIT.\n\n### *Affected products*:\nFirefox versions earlier than 36.0.4 \nFirefox ESR versions earlier than 31.5.3 \nSeaMonkey versions earlier than 2.33.1\n\n### *Solution*:\nUpdate to latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-0818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818>) \n[CVE-2015-0817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817>)", "edition": 23, "reporter": "Kaspersky Lab", "published": "2015-03-20T00:00:00", "title": "\r KLA10477Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-11-06T00:00:00", "id": "KLA10477", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10477", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdi": [{"lastseen": "2016-11-09T00:18:14", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1144988"], "edition": 2, "description": "This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of SVG format content navigation. By using a DOMAttrModified mutation event listener, an attacker can inject an arbitrary URL into the history, and cause Firefox to break the same-origin isolation policy.", "reporter": "Mariusz Mlynski", "published": "2015-04-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "(Pwn2Own) Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2015-0818"], "modified": "2015-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-108", "id": "ZDI-15-108", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:18:08", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1145255"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of heap access bounds checking. A specially crafted typed array can eliminate bounds checks for heap accesses. An attacker can leverage this vulnerability to execute code under the context of the current process.", "reporter": "i1xu1a", "published": "2015-04-03T00:00:00", "title": " (Pwn2Own) Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2015-0817"], "modified": "2015-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-109", "id": "ZDI-15-109", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:51", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1145255"], "description": "Security researcher ilxu1a reported, through HP Zero Day\nInitiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its management\nof bounds checking for heap access. This flaw can be leveraged into the reading\nand writing of memory allowing for arbitary code execution on the local system.", "edition": 1, "reporter": "Mozilla Foundation", "published": "2015-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "mozilla", "title": "Code execution through incorrect JavaScript bounds checking elimination", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.33.1", "operator": "lt"}, {"name": "Firefox ESR", "version": "31.5.2", "operator": "lt"}, {"name": "Firefox", "version": "36.0.3", "operator": "lt"}], "cvelist": ["CVE-2015-0817"], "modified": "2015-03-20T00:00:00", "id": "MFSA2015-29", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-29/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:48", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1144988"], "edition": 1, "description": "Security researcher Mariusz Mlynski reported, through HP\nZero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by using a\nflaw in the processing of SVG format content navigation.\n\nAn incomplete version of this fix was shipped in Firefox 36.0.3\nand Firefox ESR 31.5.2.", "reporter": "Mozilla Foundation", "published": "2015-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "mozilla", "title": "Privilege escalation through SVG navigation", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.33.1", "operator": "lt"}, {"name": "Firefox ESR", "version": "31.5.3", "operator": "lt"}, {"name": "Firefox", "version": "36.0.4", "operator": "lt"}], "cvelist": ["CVE-2015-0818"], "modified": "2015-03-20T00:00:00", "id": "MFSA2015-28", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-28/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "references": [], "description": "Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution.", "edition": 1, "reporter": "MOZILLA", "published": "2015-03-22T00:00:00", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:59", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox ESR", "version": "31.4", "operator": "eq"}, {"name": "Firefox", "version": "35", "operator": "eq"}, {"name": "Thunderbird", "version": "31.4", "operator": "eq"}], "cvelist": ["CVE-2015-0824", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0825", "CVE-2015-0821", "CVE-2015-0828", "CVE-2015-0826", "CVE-2015-0819", "CVE-2015-0834", "CVE-2015-0818", "CVE-2015-0835", "CVE-2015-0817", "CVE-2015-0823", "CVE-2015-0836", "CVE-2015-0829", "CVE-2015-0822", "CVE-2015-0830", "CVE-2015-0827", "CVE-2015-0820", "CVE-2015-0833"], "modified": "2015-03-22T00:00:00", "id": "SECURITYVULNS:VULN:14293", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14293", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596", "https://bugs.gentoo.org/show_bug.cgi?id=541316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576", "https://bugs.gentoo.org/show_bug.cgi?id=512896", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616", "https://bugs.gentoo.org/show_bug.cgi?id=489796", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557", "https://bugs.gentoo.org/show_bug.cgi?id=509050", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612", "https://bugs.gentoo.org/show_bug.cgi?id=491234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485", "https://bugs.gentoo.org/show_bug.cgi?id=525474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562", "https://bugs.gentoo.org/show_bug.cgi?id=523652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585", "https://bugs.gentoo.org/show_bug.cgi?id=531408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578", "https://bugs.gentoo.org/show_bug.cgi?id=500320", "https://bugs.gentoo.org/show_bug.cgi?id=505072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496", "https://bugs.gentoo.org/show_bug.cgi?id=544056", "https://bugs.gentoo.org/show_bug.cgi?id=536564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553", "https://bugs.gentoo.org/show_bug.cgi?id=493850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519", "https://bugs.gentoo.org/show_bug.cgi?id=522020", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832", "https://bugs.gentoo.org/show_bug.cgi?id=517876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.10.6", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/nspr", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey-bin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "reporter": "Gentoo Foundation", "published": "2015-04-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "modified": "2015-04-08T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}