Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-Windows
2017-06-15T00:00:00
ID OPENVAS:1361412562310811186 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2018-10-19T00:00:00
Description
This host is installed with Mozilla
Thunderbird and is prone to multiple vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mozilla_thunderbird_mfsa_2017-17_2017-17_win.nasl 11982 2018-10-19 08:49:21Z mmartin $
#
# Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-Windows
#
# Authors:
# Kashinath T <tkashinath@secpod.com>
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:mozilla:thunderbird";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.811186");
script_version("$Revision: 11982 $");
script_cve_id("CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751",
"CVE-2017-7752", "CVE-2017-7754", "CVE-2017-7756", "CVE-2017-7757",
"CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773",
"CVE-2017-7774", "CVE-2017-7775", "CVE-2017-7776", "CVE-2017-7777",
"CVE-2017-7758", "CVE-2017-7763", "CVE-2017-7764", "CVE-2017-7765",
"CVE-2017-5470");
script_bugtraq_id(99040, 99057, 99041);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"$Date: 2018-10-19 10:49:21 +0200 (Fri, 19 Oct 2018) $");
script_tag(name:"creation_date", value:"2017-06-15 19:01:05 +0530 (Thu, 15 Jun 2017)");
script_name("Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-Windows");
script_tag(name:"summary", value:"This host is installed with Mozilla
Thunderbird and is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The multiple flaws exist due to,
- Use-after-free using destroyed node when regenerating trees.
- Use-after-free during docshell reloading.
- Use-after-free with track elements.
- Use-after-free with content viewer listeners.
- Use-after-free with IME input.
- Out-of-bounds read in WebGL with ImageInfo object.
- Use-after-free and use-after-scope logging XHR header errors.
- Use-after-free in IndexedDB.
- Vulnerabilities in the Graphite 2 library.
- Out-of-bounds read in Opus encoder.
- Mac fonts render some unicode characters as spaces.
- Domain spoofing with combination of Canadian Syllabics and other unicode blocks.
- Mark of the Web bypass when saving executable files.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to execute arbitrary code, to delete arbitrary files by leveraging
certain local file execution, to obtain sensitive information, and to cause
a denial of service.");
script_tag(name:"affected", value:"Mozilla Thunderbird version before 52.2 on Windows.");
script_tag(name:"solution", value:"Upgrade to Mozilla Thunderbird version 52.2");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"registry");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("General");
script_dependencies("gb_thunderbird_detect_portable_win.nasl");
script_mandatory_keys("Thunderbird/Win/Ver");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/thunderbird");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!tbVer = get_app_version(cpe:CPE)){
exit(0);
}
if(version_is_less(version:tbVer, test_version:"52.2"))
{
report = report_fixed_ver(installed_version:tbVer, fixed_version:"52.2");
security_message(data:report);
exit(0);
}
{"id": "OPENVAS:1361412562310811186", "type": "openvas", "bulletinFamily": "scanner", "title": "Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-Windows", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "published": "2017-06-15T00:00:00", "modified": "2018-10-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811186", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://www.mozilla.org/en-US/thunderbird", "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/"], "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7765", "CVE-2017-7763", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "lastseen": "2019-05-29T18:34:39", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220171126", "OPENVAS:1361412562310811187", "OPENVAS:1361412562310882739", "OPENVAS:1361412562310891007", "OPENVAS:1361412562310890991", "OPENVAS:1361412562310882740", "OPENVAS:1361412562310871829", "OPENVAS:1361412562310843237", "OPENVAS:1361412562311220171127", "OPENVAS:1361412562310882734"]}, {"type": "centos", "idList": ["CESA-2017:1440", "CESA-2017:1561", "CESA-2017:1793"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3894-1:36592", "DEBIAN:DLA-1007-1:534E3", "DEBIAN:DSA-3881-1:E1AE9", "DEBIAN:DSA-3918-1:2949E", "DEBIAN:DLA-991-1:83D86", "DEBIAN:DLA-1013-1:F8CE1"]}, {"type": "archlinux", "idList": ["ASA-201706-19", "ASA-201706-20"]}, {"type": "redhat", "idList": ["RHSA-2017:1440", "RHSA-2017:1561", "RHSA-2017:1793"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-1793", "ELSA-2017-1440", "ELSA-2017-1561"]}, {"type": "ubuntu", "idList": ["USN-3321-1", "USN-3398-1", "USN-3315-1"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2017-1561.NASL", "CENTOS_RHSA-2017-1440.NASL", "REDHAT-RHSA-2017-1440.NASL", "ORACLELINUX_ELSA-2017-1440.NASL", "VIRTUOZZO_VZLSA-2017-1561.NASL", "SL_20170621_THUNDERBIRD_ON_SL6_X.NASL", "EULEROS_SA-2017-1127.NASL", "SL_20170614_FIREFOX_ON_SL6_X.NASL", "EULEROS_SA-2017-1126.NASL", "REDHAT-RHSA-2017-1561.NASL"]}, {"type": "kaspersky", "idList": ["KLA11050", "KLA11044"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:1620-1"]}, {"type": "gentoo", "idList": ["GLSA-201710-13"]}, {"type": "amazon", "idList": ["ALAS-2017-872"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C7F45C70F6C0B1158EC8D8729409B754"]}, {"type": "freebsd", "idList": ["6CEC1B0A-DA15-467D-8691-1DEA392D4C8D"]}, {"type": "cve", "idList": ["CVE-2017-7763", "CVE-2017-7752", "CVE-2017-7749", "CVE-2017-7765"]}], "modified": "2019-05-29T18:34:39", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2019-05-29T18:34:39", "rev": 2}, "vulnersScore": 8.5}, "pluginID": "1361412562310811186", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2017-17_2017-17_win.nasl 11982 2018-10-19 08:49:21Z mmartin $\n#\n# Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811186\");\n script_version(\"$Revision: 11982 $\");\n script_cve_id(\"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\",\n \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\",\n \"CVE-2017-7778\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\",\n \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\",\n \"CVE-2017-7758\", \"CVE-2017-7763\", \"CVE-2017-7764\", \"CVE-2017-7765\",\n \"CVE-2017-5470\");\n script_bugtraq_id(99040, 99057, 99041);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 10:49:21 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-15 19:01:05 +0530 (Thu, 15 Jun 2017)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Use-after-free using destroyed node when regenerating trees.\n\n - Use-after-free during docshell reloading.\n\n - Use-after-free with track elements.\n\n - Use-after-free with content viewer listeners.\n\n - Use-after-free with IME input.\n\n - Out-of-bounds read in WebGL with ImageInfo object.\n\n - Use-after-free and use-after-scope logging XHR header errors.\n\n - Use-after-free in IndexedDB.\n\n - Vulnerabilities in the Graphite 2 library.\n\n - Out-of-bounds read in Opus encoder.\n\n - Mac fonts render some unicode characters as spaces.\n\n - Domain spoofing with combination of Canadian Syllabics and other unicode blocks.\n\n - Mark of the Web bypass when saving executable files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, to delete arbitrary files by leveraging\n certain local file execution, to obtain sensitive information, and to cause\n a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 52.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 52.2\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"52.2\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"52.2\");\n security_message(data:report);\n exit(0);\n}\n", "naslFamily": "General"}
{"openvas": [{"lastseen": "2019-06-25T14:48:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7765", "CVE-2017-7763", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2019-06-25T00:00:00", "published": "2017-06-15T00:00:00", "id": "OPENVAS:1361412562310811187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811187", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811187\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\",\n \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\",\n \"CVE-2017-7778\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\",\n \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\",\n \"CVE-2017-7758\", \"CVE-2017-7763\", \"CVE-2017-7764\", \"CVE-2017-7765\",\n \"CVE-2017-5470\");\n script_bugtraq_id(99040, 99057, 99041);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-06-15 19:04:02 +0530 (Thu, 15 Jun 2017)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2017-17_2017-17 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Use-after-free using destroyed node when regenerating trees.\n\n - Use-after-free during docshell reloading.\n\n - Use-after-free with track elements.\n\n - Use-after-free with content viewer listeners.\n\n - Use-after-free with IME input.\n\n - Out-of-bounds read in WebGL with ImageInfo object.\n\n - Use-after-free and use-after-scope logging XHR header errors.\n\n - Use-after-free in IndexedDB.\n\n - Vulnerabilities in the Graphite 2 library.\n\n - Out-of-bounds read in Opus encoder.\n\n - Mac fonts render some unicode characters as spaces.\n\n - Domain spoofing with combination of Canadian Syllabics and other unicode blocks.\n\n - Mark of the Web bypass when saving executable files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, to delete arbitrary files by leveraging\n certain local file execution, to obtain sensitive information, and to cause\n a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 52.2 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 52.2\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"52.2\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"52.2\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Multiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nspoofing.", "modified": "2020-01-29T00:00:00", "published": "2018-02-05T00:00:00", "id": "OPENVAS:1361412562310891007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891007", "type": "openvas", "title": "Debian LTS: Security Advisory for icedove/thunderbird (DLA-1007-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891007\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_name(\"Debian LTS: Security Advisory for icedove/thunderbird (DLA-1007-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-05 00:00:00 +0100 (Mon, 05 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1:52.2.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nspoofing.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:52.2.1-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-06-22T00:00:00", "id": "OPENVAS:1361412562310882740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882740", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:1561 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:1561 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882740\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-22 07:11:53 +0200 (Thu, 22 Jun 2017)\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\",\n \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\",\n \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\",\n \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\",\n \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:1561 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and\nnewsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750,\nCVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778,\nCVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith,\nMats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew\nMcCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber,\nJulian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek,\nAbhishek Arya, and F. Alonso (revskills) as the original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1561\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-June/022466.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.2.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer overflows\nand other implementation errors may lead to the execution of arbitrary\ncode, denial of service or domain spoofing.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 45.x series has ended, so starting with this update we", "modified": "2019-03-18T00:00:00", "published": "2017-06-14T00:00:00", "id": "OPENVAS:1361412562310703881", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703881", "type": "openvas", "title": "Debian Security Advisory DSA 3881-1 (firefox-esr - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3881.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3881-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703881\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_name(\"Debian Security Advisory DSA 3881-1 (firefox-esr - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 00:00:00 +0200 (Wed, 14 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3881.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 52.2.0esr-1~deb8u1.\n\nFor the upcoming stable distribution (stretch), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.2.0esr-1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name:\"summary\", value:\"Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer overflows\nand other implementation errors may lead to the execution of arbitrary\ncode, denial of service or domain spoofing.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 45.x series has ended, so starting with this update we're now\nfollowing the 52.x releases.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"52.2.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer overflows\nand other implementation errors may lead to the execution of arbitrary\ncode, denial of service or domain spoofing.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 45.x series has ended, so starting with this update we", "modified": "2017-07-07T00:00:00", "published": "2017-06-14T00:00:00", "id": "OPENVAS:703881", "href": "http://plugins.openvas.org/nasl.php?oid=703881", "type": "openvas", "title": "Debian Security Advisory DSA 3881-1 (firefox-esr - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3881.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3881-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703881);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_name(\"Debian Security Advisory DSA 3881-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-06-14 00:00:00 +0200 (Wed, 14 Jun 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3881.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible web browser with support for modern\nweb application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 52.2.0esr-1~deb8u1.\n\nFor the upcoming stable distribution (stretch), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.2.0esr-1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer overflows\nand other implementation errors may lead to the execution of arbitrary\ncode, denial of service or domain spoofing.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 45.x series has ended, so starting with this update we're now\nfollowing the 52.x releases.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"52.2.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-01-27T18:35:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171126", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1126)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1126\");\n script_version(\"2020-01-23T10:52:20+0000\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:52:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:52:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1126)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1126\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1126\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1126 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.2.0~1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171127", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1127)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1127\");\n script_version(\"2020-01-23T10:52:37+0000\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:52:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:52:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1127)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1127\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1127\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1127 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.2.0~1.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310843237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843237", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3321-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3321_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-3321-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843237\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:17 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\",\n \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\",\n \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\",\n\t\t\"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\",\n\t\t\"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3321-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n Thunderbird. If a user were tricked in to opening a specially crafted website in\n a browsing context, an attacker could potentially exploit these to cause a\n denial of service, read uninitialized memory, obtain sensitive information or\n execute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749,\n CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756,\n CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Multiple security issues were\n discovered in the Graphite 2 library used by Thunderbird. If a user were tricked\n in to opening a specially crafted message, an attacker could potentially exploit\n these to cause a denial of service, read uninitialized memory, or execute\n arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,\n CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3321-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3321-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.2.1+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.2.1+build1-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.2.1+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.2.1+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-06-16T00:00:00", "id": "OPENVAS:1361412562310882733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882733", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:1440 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:1440 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882733\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-16 06:58:13 +0200 (Fri, 16 Jun 2017)\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\",\n \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\",\n \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\",\n \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\",\n \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:1440 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.2.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751,\nCVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,\nCVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,\nCVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats\nPalmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight,\nGary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian\nHector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson\nSmith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1440\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-June/022459.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.2.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-06-22T00:00:00", "id": "OPENVAS:1361412562310882739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882739", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:1561 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:1561 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882739\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-22 07:11:12 +0200 (Thu, 22 Jun 2017)\");\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\",\n \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\",\n \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\",\n \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\",\n \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:1561 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750,\nCVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778,\nCVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith,\nMats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew\nMcCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber,\nJulian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek,\nAbhishek Arya, and F. Alonso (revskills) as the original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1561\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-June/022465.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.2.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T03:52:51", "description": "The version of Mozilla Thunderbird installed on the remote Windows\nhost is prior to 52.2 It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code by convincing a user to visit a specially crafted\n website. (CVE-2017-5470)\n\n - A use-after-free error exists in the EndUpdate()\n function in nsCSSFrameConstructor.cpp that is triggered\n when reconstructing trees during regeneration of CSS\n layouts. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2017-5472)\n\n - A use-after-free error exists in the Reload() function\n in nsDocShell.cpp that is triggered when using an\n incorrect URL during the reload of a docshell. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-7749)\n\n - A use-after-free error exists in the Hide() function in\n nsDocumentViewer.cpp that is triggered when handling\n track elements. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2017-7750)\n\n - A use-after-free error exists in the nsDocumentViewer\n class in nsDocumentViewer.cpp that is triggered when\n handling content viewer listeners. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2017-7751)\n\n - A use-after-free error exists that is triggered when\n handling events while specific user interaction occurs\n with the input method editor (IME). An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2017-7752)\n\n - An out-of-bounds read error exists in the IsComplete()\n function in WebGLTexture.cpp that is triggered when\n handling textures. An unauthenticated, remote attacker\n can exploit this to disclose memory contents.\n (CVE-2017-7754)\n\n - A privilege escalation vulnerability exists due to\n improper loading of dynamic-link library (DLL) files. A\n local attacker can exploit this, via a specially crafted\n DLL file in the installation path, to inject and execute\n arbitrary code. (CVE-2017-7755)\n\n - A use-after-free error exists in the SetRequestHead()\n function in XMLHttpRequestMainThread.cpp that is\n triggered when logging XML HTTP Requests (XHR). An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-7756)\n\n - A use-after-free error exists in ActorsParent.cpp due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-7757)\n\n - An out-of-bounds read error exists in the\n AppendAudioSegment() function in TrackEncoder.cpp that\n is triggered when the number of channels in an audio\n stream changes while the Opus encoder is in use. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-7758)\n\n - A flaw exists in the isLabelSafe() function in\n nsIDNService.cpp that is triggered when handling\n characters from different unicode blocks. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted IDN domain, to spoof a valid URL and\n conduct phishing attacks. (CVE-2017-7764)\n\n - A flaw exists that is triggered due to improper parsing\n of long filenames when handling downloaded files. An\n unauthenticated, remote attacker can exploit this to\n cause a file to be downloaded without the\n 'mark-of-the-web' applied, resulting in security\n warnings for executables not being displayed.\n (CVE-2017-7765)\n\n - An out-of-bounds read error exists in the Graphite\n component in the readPass() function in Pass.cpp. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the disclosure of\n memory contents. (CVE-2017-7771)\n\n - Multiple integer overflow conditions exist in the\n Graphite component in the decompress() function in\n Decompressor.cpp due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2017-7772,\n CVE-2017-7773, CVE-2017-7778)\n\n - An out-of-bounds read error exists in the Graphite\n component in the readGraphite() function in Silf.cpp. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or disclose memory\n contents. (CVE-2017-7774)\n\n - An assertion flaw exists in the Graphite component when\n handling zero value sizes. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2017-7775)\n\n - An out-of-bounds read error exists in the Graphite\n component in getClassGlyph() function in Silf.cpp due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-7776)\n\n - A flaw exists in the Graphite component in the\n read_glyph() function in GlyphCache.cpp related to use\n of uninitialized memory. An unauthenticated, remote\n attacker can exploit this to have an unspecified impact.\n (CVE-2017-7777)", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Mozilla Thunderbird < 52.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7755", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7765", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_52_2.NASL", "href": "https://www.tenable.com/plugins/nessus/101772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101772);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-5470\",\n \"CVE-2017-5472\",\n \"CVE-2017-7749\",\n \"CVE-2017-7750\",\n \"CVE-2017-7751\",\n \"CVE-2017-7752\",\n \"CVE-2017-7754\",\n \"CVE-2017-7755\",\n \"CVE-2017-7756\",\n \"CVE-2017-7757\",\n \"CVE-2017-7758\",\n \"CVE-2017-7764\",\n \"CVE-2017-7765\",\n \"CVE-2017-7771\",\n \"CVE-2017-7772\",\n \"CVE-2017-7773\",\n \"CVE-2017-7774\",\n \"CVE-2017-7775\",\n \"CVE-2017-7776\",\n \"CVE-2017-7777\",\n \"CVE-2017-7778\"\n );\n script_bugtraq_id(99041);\n script_xref(name:\"MFSA\", value:\"2017-17\");\n\n script_name(english:\"Mozilla Thunderbird < 52.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Thunderbird installed on the remote Windows\nhost is prior to 52.2 It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code by convincing a user to visit a specially crafted\n website. (CVE-2017-5470)\n\n - A use-after-free error exists in the EndUpdate()\n function in nsCSSFrameConstructor.cpp that is triggered\n when reconstructing trees during regeneration of CSS\n layouts. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2017-5472)\n\n - A use-after-free error exists in the Reload() function\n in nsDocShell.cpp that is triggered when using an\n incorrect URL during the reload of a docshell. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-7749)\n\n - A use-after-free error exists in the Hide() function in\n nsDocumentViewer.cpp that is triggered when handling\n track elements. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2017-7750)\n\n - A use-after-free error exists in the nsDocumentViewer\n class in nsDocumentViewer.cpp that is triggered when\n handling content viewer listeners. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2017-7751)\n\n - A use-after-free error exists that is triggered when\n handling events while specific user interaction occurs\n with the input method editor (IME). An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2017-7752)\n\n - An out-of-bounds read error exists in the IsComplete()\n function in WebGLTexture.cpp that is triggered when\n handling textures. An unauthenticated, remote attacker\n can exploit this to disclose memory contents.\n (CVE-2017-7754)\n\n - A privilege escalation vulnerability exists due to\n improper loading of dynamic-link library (DLL) files. A\n local attacker can exploit this, via a specially crafted\n DLL file in the installation path, to inject and execute\n arbitrary code. (CVE-2017-7755)\n\n - A use-after-free error exists in the SetRequestHead()\n function in XMLHttpRequestMainThread.cpp that is\n triggered when logging XML HTTP Requests (XHR). An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-7756)\n\n - A use-after-free error exists in ActorsParent.cpp due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-7757)\n\n - An out-of-bounds read error exists in the\n AppendAudioSegment() function in TrackEncoder.cpp that\n is triggered when the number of channels in an audio\n stream changes while the Opus encoder is in use. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-7758)\n\n - A flaw exists in the isLabelSafe() function in\n nsIDNService.cpp that is triggered when handling\n characters from different unicode blocks. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted IDN domain, to spoof a valid URL and\n conduct phishing attacks. (CVE-2017-7764)\n\n - A flaw exists that is triggered due to improper parsing\n of long filenames when handling downloaded files. An\n unauthenticated, remote attacker can exploit this to\n cause a file to be downloaded without the\n 'mark-of-the-web' applied, resulting in security\n warnings for executables not being displayed.\n (CVE-2017-7765)\n\n - An out-of-bounds read error exists in the Graphite\n component in the readPass() function in Pass.cpp. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the disclosure of\n memory contents. (CVE-2017-7771)\n\n - Multiple integer overflow conditions exist in the\n Graphite component in the decompress() function in\n Decompressor.cpp due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2017-7772,\n CVE-2017-7773, CVE-2017-7778)\n\n - An out-of-bounds read error exists in the Graphite\n component in the readGraphite() function in Silf.cpp. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or disclose memory\n contents. (CVE-2017-7774)\n\n - An assertion flaw exists in the Graphite component when\n handling zero value sizes. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2017-7775)\n\n - An out-of-bounds read error exists in the Graphite\n component in getClassGlyph() function in Silf.cpp due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-7776)\n\n - A flaw exists in the Graphite component in the\n read_glyph() function in GlyphCache.cpp related to use\n of uninitialized memory. An unauthenticated, remote\n attacker can exploit this to have an unspecified impact.\n (CVE-2017-7777)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1365602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1355039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1356558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1363396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1361326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1359547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1357090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1366595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1356824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1368490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1360309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1364283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1273265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 52.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7778\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', fix:'52.2', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:10:52", "description": "An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5470,\nCVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\nCVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\nCVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\nCVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs),\nTyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian\nHoller, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book,\nJesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane,\nSamuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-21T00:00:00", "title": "RHEL 6 / 7 : thunderbird (RHSA-2017:1561)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-06-21T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-1561.NASL", "href": "https://www.tenable.com/plugins/nessus/100950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1561. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100950);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_xref(name:\"RHSA\", value:\"2017:1561\");\n\n script_name(english:\"RHEL 6 / 7 : thunderbird (RHSA-2017:1561)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5470,\nCVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\nCVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\nCVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\nCVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs),\nTyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian\nHoller, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book,\nJesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane,\nSamuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7778\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1561\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-52.2.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-52.2.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:45:12", "description": "Multiple security issues were discovered in Thunderbird. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit these to cause a denial\nof service, read uninitialized memory, obtain sensitive information or\nexecute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749,\nCVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,\nCVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nMultiple security issues were discovered in the Graphite 2 library\nused by Thunderbird. If a user were tricked in to opening a specially\ncrafted message, an attacker could potentially exploit these to cause\na denial of service, read uninitialized memory, or execute arbitrary\ncode. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,\nCVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-06T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3321-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3321-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101261", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3321-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101261);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_xref(name:\"USN\", value:\"3321-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3321-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in Thunderbird. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit these to cause a denial\nof service, read uninitialized memory, obtain sensitive information or\nexecute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749,\nCVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,\nCVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nMultiple security issues were discovered in the Graphite 2 library\nused by Thunderbird. If a user were tricked in to opening a specially\ncrafted message, an attacker could potentially exploit these to cause\na denial of service, read uninitialized memory, or execute arbitrary\ncode. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,\nCVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3321-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:52.2.1+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:52.2.1+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"thunderbird\", pkgver:\"1:52.2.1+build1-0ubuntu0.16.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"thunderbird\", pkgver:\"1:52.2.1+build1-0ubuntu0.17.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:51:26", "description": "From Red Hat Security Advisory 2017:1440 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.2.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5470, CVE-2017-5472,\nCVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771,\nCVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,\nCVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,\nCVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758,\nCVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium\nzLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler,\nAndrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse\nSchwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel\nErb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-15T00:00:00", "title": "Oracle Linux 6 / 7 : firefox (ELSA-2017-1440)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-06-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-1440.NASL", "href": "https://www.tenable.com/plugins/nessus/100800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:1440 and \n# Oracle Linux Security Advisory ELSA-2017-1440 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100800);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_xref(name:\"RHSA\", value:\"2017:1440\");\n\n script_name(english:\"Oracle Linux 6 / 7 : firefox (ELSA-2017-1440)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2017:1440 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.2.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5470, CVE-2017-5472,\nCVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771,\nCVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,\nCVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,\nCVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758,\nCVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium\nzLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler,\nAndrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse\nSchwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel\nErb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-June/006985.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-June/006986.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"firefox-52.2.0-1.0.1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-52.2.0-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:11", "description": "According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-5470, CVE-2017-5472,\n CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,\n CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\n CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,\n CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\n CVE-2017-7758, CVE-2017-7764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-21T00:00:00", "title": "EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1127)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1127.NASL", "href": "https://www.tenable.com/plugins/nessus/101855", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101855);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5470\",\n \"CVE-2017-5472\",\n \"CVE-2017-7749\",\n \"CVE-2017-7750\",\n \"CVE-2017-7751\",\n \"CVE-2017-7752\",\n \"CVE-2017-7754\",\n \"CVE-2017-7756\",\n \"CVE-2017-7757\",\n \"CVE-2017-7758\",\n \"CVE-2017-7764\",\n \"CVE-2017-7771\",\n \"CVE-2017-7772\",\n \"CVE-2017-7773\",\n \"CVE-2017-7774\",\n \"CVE-2017-7775\",\n \"CVE-2017-7776\",\n \"CVE-2017-7777\",\n \"CVE-2017-7778\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1127)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-5470, CVE-2017-5472,\n CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,\n CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\n CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,\n CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\n CVE-2017-7758, CVE-2017-7764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1127\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a9dca1a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.2.0-1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:31:20", "description": "An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5470,\nCVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\nCVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\nCVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\nCVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs),\nTyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian\nHoller, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book,\nJesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane,\nSamuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-22T00:00:00", "title": "CentOS 6 / 7 : thunderbird (CESA-2017:1561)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-06-22T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS_RHSA-2017-1561.NASL", "href": "https://www.tenable.com/plugins/nessus/100965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1561 and \n# CentOS Errata and Security Advisory 2017:1561 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100965);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n script_xref(name:\"RHSA\", value:\"2017:1561\");\n\n script_name(english:\"CentOS 6 / 7 : thunderbird (CESA-2017:1561)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5470,\nCVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\nCVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\nCVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\nCVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs),\nTyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian\nHoller, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book,\nJesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane,\nSamuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-June/022465.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63f42d04\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-June/022466.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9bf609aa\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5470\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-52.2.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-52.2.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:49:50", "description": "This update upgrades Firefox to version 52.2.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749,\n CVE-2017-7751, CVE-2017-7756, CVE-2017-7771,\n CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,\n CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\n CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,\n CVE-2017-7754, CVE-2017-7757, CVE-2017-7758,\n CVE-2017-7764)", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-15T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170614)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-06-15T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170614_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/100802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100802);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170614)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Firefox to version 52.2.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749,\n CVE-2017-7751, CVE-2017-7756, CVE-2017-7771,\n CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,\n CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\n CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,\n CVE-2017-7754, CVE-2017-7757, CVE-2017-7758,\n CVE-2017-7764)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=3330\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41178442\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-52.2.0-1.el7_3\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-52.2.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:49:54", "description": "This update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2017-5470, CVE-2017-5472,\n CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\n CVE-2017-7756, CVE-2017-7771, CVE-2017-7772,\n CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,\n CVE-2017-7776, CVE-2017-7777, CVE-2017-7778,\n CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\n CVE-2017-7758, CVE-2017-7764)", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-22T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20170621)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-06-22T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170621_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/100984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100984);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5470\", \"CVE-2017-5472\", \"CVE-2017-7749\", \"CVE-2017-7750\", \"CVE-2017-7751\", \"CVE-2017-7752\", \"CVE-2017-7754\", \"CVE-2017-7756\", \"CVE-2017-7757\", \"CVE-2017-7758\", \"CVE-2017-7764\", \"CVE-2017-7771\", \"CVE-2017-7772\", \"CVE-2017-7773\", \"CVE-2017-7774\", \"CVE-2017-7775\", \"CVE-2017-7776\", \"CVE-2017-7777\", \"CVE-2017-7778\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20170621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2017-5470, CVE-2017-5472,\n CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\n CVE-2017-7756, CVE-2017-7771, CVE-2017-7772,\n CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,\n CVE-2017-7776, CVE-2017-7777, CVE-2017-7778,\n CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\n CVE-2017-7758, CVE-2017-7764)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=5221\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43071f78\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-52.2.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-52.2.0-1.el7_3\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-52.2.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:14:28", "description": "An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5470,\nCVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\nCVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\nCVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\nCVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs),\nTyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian\nHoller, Andrew McCreight, Gary Kwong, AndrA(c) Bargull, Carsten Book,\nJesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane,\nSamuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.", "edition": 39, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "title": "Virtuozzo 6 : thunderbird (VZLSA-2017-1561)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-07-13T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:6", "p-cpe:/a:virtuozzo:virtuozzo:thunderbird"], "id": "VIRTUOZZO_VZLSA-2017-1561.NASL", "href": "https://www.tenable.com/plugins/nessus/101485", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101485);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5470\",\n \"CVE-2017-5472\",\n \"CVE-2017-7749\",\n \"CVE-2017-7750\",\n \"CVE-2017-7751\",\n \"CVE-2017-7752\",\n \"CVE-2017-7754\",\n \"CVE-2017-7756\",\n \"CVE-2017-7757\",\n \"CVE-2017-7758\",\n \"CVE-2017-7764\",\n \"CVE-2017-7771\",\n \"CVE-2017-7772\",\n \"CVE-2017-7773\",\n \"CVE-2017-7774\",\n \"CVE-2017-7775\",\n \"CVE-2017-7776\",\n \"CVE-2017-7777\",\n \"CVE-2017-7778\"\n );\n\n script_name(english:\"Virtuozzo 6 : thunderbird (VZLSA-2017-1561)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5470,\nCVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,\nCVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\nCVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,\nCVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\nCVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs),\nTyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian\nHoller, Andrew McCreight, Gary Kwong, AndrA(c) Bargull, Carsten Book,\nJesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane,\nSamuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso\n(revskills) as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-1561.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91af018b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-1561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"thunderbird-52.2.0-1.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:10", "description": "According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-5470, CVE-2017-5472,\n CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,\n CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\n CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,\n CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\n CVE-2017-7758, CVE-2017-7764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-21T00:00:00", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1126)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "modified": "2017-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1126.NASL", "href": "https://www.tenable.com/plugins/nessus/101854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101854);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5470\",\n \"CVE-2017-5472\",\n \"CVE-2017-7749\",\n \"CVE-2017-7750\",\n \"CVE-2017-7751\",\n \"CVE-2017-7752\",\n \"CVE-2017-7754\",\n \"CVE-2017-7756\",\n \"CVE-2017-7757\",\n \"CVE-2017-7758\",\n \"CVE-2017-7764\",\n \"CVE-2017-7771\",\n \"CVE-2017-7772\",\n \"CVE-2017-7773\",\n \"CVE-2017-7774\",\n \"CVE-2017-7775\",\n \"CVE-2017-7776\",\n \"CVE-2017-7777\",\n \"CVE-2017-7778\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1126)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-5470, CVE-2017-5472,\n CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,\n CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,\n CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,\n CVE-2017-7752, CVE-2017-7754, CVE-2017-7757,\n CVE-2017-7758, CVE-2017-7764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1126\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a246c684\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.2.0-1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:35:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1440\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.2.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andr\u00e9 Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-June/034497.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-June/034498.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1440.html", "edition": 5, "modified": "2017-06-15T10:14:56", "published": "2017-06-15T10:14:10", "id": "CESA-2017:1440", "href": "http://lists.centos.org/pipermail/centos-announce/2017-June/034497.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:37:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1561\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andr\u00e9 Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-June/034503.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-June/034504.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1561.html", "edition": 5, "modified": "2017-06-21T17:11:20", "published": "2017-06-21T15:49:22", "id": "CESA-2017:1561", "href": "http://lists.centos.org/pipermail/centos-announce/2017-June/034503.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:39:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1793\n\n\nGraphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create \"smart fonts\" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the \"Rendering\" aspect of writing system implementation.\n\nThe following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).\n\nSecurity Fix(es):\n\n* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters of these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-July/034548.html\n\n**Affected packages:**\ngraphite2\ngraphite2-devel\n\n**Upstream details at:**\n", "edition": 5, "modified": "2017-07-21T14:21:22", "published": "2017-07-21T14:21:22", "id": "CESA-2017:1793", "href": "http://lists.centos.org/pipermail/centos-announce/2017-July/034548.html", "title": "graphite2 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Package : firefox-esr\nVersion : 52.2.0esr-1~deb7u1\nCVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750\n CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756\n CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771\n CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775\n CVE-2017-7776 CVE-2017-7777 CVE-2017-7778\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer overflows\nand other implementation errors may lead to the execution of arbitrary\ncode, denial of service or domain spoofing.\n\nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 45.x series has ended, so starting with this update we're now\nfollowing the 52.x releases.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n52.2.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-06-18T09:53:41", "published": "2017-06-18T09:53:41", "id": "DEBIAN:DLA-991-1:83D86", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201706/msg00019.html", "title": "[SECURITY] [DLA 991-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:07:38", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3918-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 \n CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 \n CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 \n CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 \n CVE-2017-7776 CVE-2017-7777 CVE-2017-7778\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.\n\nDebian follows the extended support releases (ESR) of Thunderbird.\nSupport for the 45.x series has ended, so starting with this update\nwe're now following the 52.x releases.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.2.1-4~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.2.1-4~deb9u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2017-07-25T20:04:14", "published": "2017-07-25T20:04:14", "id": "DEBIAN:DSA-3918-1:2949E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00180.html", "title": "[SECURITY] [DSA 3918-1] icedove/thunderbird security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:47", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Package : icedove\nVersion : 1:52.2.1-1~deb7u1\nCVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 \n CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 \n CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 \n CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 \n CVE-2017-7776 CVE-2017-7777 CVE-2017-7778\n\nMultiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nspoofing.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:52.2.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "modified": "2017-07-03T06:07:33", "published": "2017-07-03T06:07:33", "id": "DEBIAN:DLA-1007-1:534E3", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00001.html", "title": "[SECURITY] [DLA 1007-1] icedove/thunderbird security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-11T01:18:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3881-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 14, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 \n CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 \n CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 \n CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 \n CVE-2017-7776 CVE-2017-7777 CVE-2017-7778\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer overflows\nand other implementation errors may lead to the execution of arbitrary\ncode, denial of service or domain spoofing.\n \nDebian follows the extended support releases (ESR) of Firefox. Support\nfor the 45.x series has ended, so starting with this update we're now\nfollowing the 52.x releases.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.2.0esr-1~deb8u1.\n\nFor the upcoming stable distribution (stretch), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.2.0esr-1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 23, "modified": "2017-06-14T20:52:45", "published": "2017-06-14T20:52:45", "id": "DEBIAN:DSA-3881-1:E1AE9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00141.html", "title": "[SECURITY] [DSA 3881-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:02:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3894-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 22, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : graphite2\nCVE ID : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 \n CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778\n\nMultiple vulnerabilities have been found in the Graphite font rendering\nengine which might result in denial of service or the execution of\narbitrary code if a malformed font file is processed.\n\t\t \nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.3.10-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nprior to the initial release.\n\nWe recommend that you upgrade your graphite2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-06-22T17:44:22", "published": "2017-06-22T17:44:22", "id": "DEBIAN:DSA-3894-1:36592", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00154.html", "title": "[SECURITY] [DSA 3894-1] graphite2 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:16", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Package : graphite2\nVersion : 1.3.10-1~deb7u1\nCVE ID : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773\n CVE-2017-7774 CVE-2017-7775 CVE-2017-7776\n CVE-2017-7777 CVE-2017-7778\n\nMultiple vulnerabilities have been found in the Graphite font rendering\nengine which might result in denial of service or the execution of\narbitrary code if a malformed font file is processed.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.10-1~deb7u1.\n\nWe recommend that you upgrade your graphite2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-07-05T12:16:55", "published": "2017-07-05T12:16:55", "id": "DEBIAN:DLA-1013-1:F8CE1", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00005.html", "title": "[SECURITY] [DLA 1013-1] graphite2 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "[52.2.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.1-1]\n- Update to 52.1.1 ESR", "edition": 5, "modified": "2017-06-14T00:00:00", "published": "2017-06-14T00:00:00", "id": "ELSA-2017-1440", "href": "http://linux.oracle.com/errata/ELSA-2017-1440.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:13:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "[52.2.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[52.2.0-1]\n- Update to 52.2.0", "edition": 6, "modified": "2017-06-21T00:00:00", "published": "2017-06-21T00:00:00", "id": "ELSA-2017-1561", "href": "http://linux.oracle.com/errata/ELSA-2017-1561.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:04:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "[1.3.10-1]\n- Resolves: rhbz#1472290\n CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774\n CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778", "edition": 6, "modified": "2017-07-20T00:00:00", "published": "2017-07-20T00:00:00", "id": "ELSA-2017-1793", "href": "http://linux.oracle.com/errata/ELSA-2017-1793.html", "title": "graphite2 security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5470", "CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751", "CVE-2017-7752", "CVE-2017-7754", "CVE-2017-7756", "CVE-2017-7757", "CVE-2017-7758", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7775", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andr\u00e9 Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters.", "modified": "2018-06-07T18:23:15", "published": "2017-06-21T07:10:17", "id": "RHSA-2017:1561", "href": "https://access.redhat.com/errata/RHSA-2017:1561", "type": "redhat", "title": "(RHSA-2017:1561) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5470", "CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751", "CVE-2017-7752", "CVE-2017-7754", "CVE-2017-7756", "CVE-2017-7757", "CVE-2017-7758", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7775", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778"], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.2.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andr\u00e9 Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.", "modified": "2018-06-07T18:23:20", "published": "2017-06-14T09:21:03", "id": "RHSA-2017:1440", "href": "https://access.redhat.com/errata/RHSA-2017:1440", "type": "redhat", "title": "(RHSA-2017:1440) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7775", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778"], "description": "Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create \"smart fonts\" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the \"Rendering\" aspect of writing system implementation.\n\nThe following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).\n\nSecurity Fix(es):\n\n* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters of these issues.", "modified": "2018-04-12T03:32:44", "published": "2017-07-21T02:22:08", "id": "RHSA-2017:1793", "href": "https://access.redhat.com/errata/RHSA-2017:1793", "type": "redhat", "title": "(RHSA-2017:1793) Important: graphite2 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5470", "CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751", "CVE-2017-7752", "CVE-2017-7754", "CVE-2017-7756", "CVE-2017-7757", "CVE-2017-7758", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7775", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778"], "description": "Arch Linux Security Advisory ASA-201706-20\n==========================================\n\nSeverity: Critical\nDate : 2017-06-16\nCVE-ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750\nCVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756\nCVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771\nCVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775\nCVE-2017-7776 CVE-2017-7777 CVE-2017-7778\nPackage : thunderbird\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-303\n\nSummary\n=======\n\nThe package thunderbird before version 52.2.0-1 is vulnerable to\nmultiple issues including arbitrary code execution, denial of service,\ninformation disclosure and content spoofing.\n\nResolution\n==========\n\nUpgrade to 52.2.0-1.\n\n# pacman -Syu \"thunderbird>=52.2.0-1\"\n\nThe problems have been fixed upstream in version 52.2.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-5470 (arbitrary code execution)\n\nSeveral memory safety issues leading to arbitrary code execution have\nbeen found in Firefox < 54.0 and Thunderbird < 52.2.\n\n- CVE-2017-5472 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 54.0 and\nThunderbird < 52.2, in the frameloader during tree reconstruction while\nregenerating CSS layout when attempting to use a node in the tree that\nno longer exists.\n\n- CVE-2017-7749 (arbitrary code execution)\n\nA user-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, when using an incorrect URL during the reloading of a docshell.\n\n- CVE-2017-7750 (arbitrary code execution)\n\nA use-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, during video control operations when a <track> element holds a\nreference to an older window if that window has been replaced in the\nDOM.\n\n- CVE-2017-7751 (arbitrary code execution)\n\nA use-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, in content viewer listeners.\n\n- CVE-2017-7752 (arbitrary code execution)\n\nA use-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, during specific user interactions with the input method editor\n(IME) in some languages due to how events are handled. This results in\na potentially exploitable crash but would require specific user\ninteraction to trigger.\n\n- CVE-2017-7754 (information disclosure)\n\nAn out-of-bounds read has been found in Firefox < 54.0 and Thunderbird\n< 52.2, with a maliciously crafted ImageInfo object during WebGL\noperations.\n\n- CVE-2017-7756 (arbitrary code execution)\n\nA use after-free and use-after-scope vulnerability has been found in\nFirefox < 54.0 and Thunderbird < 52.2, when logging errors from headers\nfor XML HTTP Requests (XHR).\n\n- CVE-2017-7757 (arbitrary code execution)\n\nA use after-free vulnerability has been found in Firefox < 54.0 and\nThunderbird < 52.2, in IndexedDB when one of its objects is destroyed\nin memory while a method on it is still being executed.\n\n- CVE-2017-7758 (information disclosure)\n\nAn out-of-bounds read vulnerability has been found in Firefox < 54.0\nand Thunderbird < 52.2, with the Opus encoder when the number of\nchannels in an audio stream changes while the encoder is in use.\n\n- CVE-2017-7764 (content spoofing)\n\nA security issue has been found in Firefox < 54.0 and Thunderbird <\n52.2, where characters from the \"Canadian Syllabics\" unicode block can\nbe mixed with characters from other unicode blocks in the addressbar\ninstead of being rendered as their raw \"punycode\" form, allowing for\ndomain name spoofing attacks through character confusion. The current\nUnicode standard allows characters from \"Aspirational Use Scripts\" such\nas Canadian Syllabics to be mixed with Latin characters in the\n\"moderately restrictive\" IDN profile. Firefox and Thunderbird behavior\nhas been changed to match the upcoming Unicode version 10.0 which\nremoves this category and treats them as \"Limited Use Scripts.\"\n\n- CVE-2017-7771 (information disclosure)\n\nAn out-of-bounds read has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.\n\n- CVE-2017-7772 (arbitrary code execution)\n\nA heap-buffer-overflow write has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.\n\n- CVE-2017-7773 (arbitrary code execution)\n\nA heap-buffer-overflow write has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.\n\n- CVE-2017-7774 (information disclosure)\n\nAn out-of-bounds read has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.\n\n- CVE-2017-7775 (denial of service)\n\nAn assertion failure has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2.\n\n- CVE-2017-7776 (information disclosure)\n\nA heap-buffer-overflow read has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.\n\n- CVE-2017-7777 (information disclosure)\n\nAn use of initialized memory has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in\nGlyphCache::Loader::read_glyph.\n\n- CVE-2017-7778 (arbitrary code execution)\n\nAn out-of-bounds write has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.\n\nImpact\n======\n\nA remote attacker may be able to crash Thunderbird, access sensitive\ninformation, spoof content to trick the user into performing an\nunwanted action and execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-17/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1365602\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7749\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1355039\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1356558\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1363396\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1359547\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1357090\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1366595\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1356824\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1368490\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1364283\nhttp://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1350047\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1352745\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1352747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1355174\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1355182\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1356607\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1358551\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1349310\nhttps://security.archlinux.org/CVE-2017-5470\nhttps://security.archlinux.org/CVE-2017-5472\nhttps://security.archlinux.org/CVE-2017-7749\nhttps://security.archlinux.org/CVE-2017-7750\nhttps://security.archlinux.org/CVE-2017-7751\nhttps://security.archlinux.org/CVE-2017-7752\nhttps://security.archlinux.org/CVE-2017-7754\nhttps://security.archlinux.org/CVE-2017-7756\nhttps://security.archlinux.org/CVE-2017-7757\nhttps://security.archlinux.org/CVE-2017-7758\nhttps://security.archlinux.org/CVE-2017-7764\nhttps://security.archlinux.org/CVE-2017-7771\nhttps://security.archlinux.org/CVE-2017-7772\nhttps://security.archlinux.org/CVE-2017-7773\nhttps://security.archlinux.org/CVE-2017-7774\nhttps://security.archlinux.org/CVE-2017-7775\nhttps://security.archlinux.org/CVE-2017-7776\nhttps://security.archlinux.org/CVE-2017-7777\nhttps://security.archlinux.org/CVE-2017-7778", "modified": "2017-06-16T00:00:00", "published": "2017-06-16T00:00:00", "id": "ASA-201706-20", "href": "https://security.archlinux.org/ASA-201706-20", "type": "archlinux", "title": "[ASA-201706-20] thunderbird: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5470", "CVE-2017-5471", "CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751", "CVE-2017-7752", "CVE-2017-7754", "CVE-2017-7756", "CVE-2017-7757", "CVE-2017-7758", "CVE-2017-7762", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7775", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778"], "description": "Arch Linux Security Advisory ASA-201706-19\n==========================================\n\nSeverity: Critical\nDate : 2017-06-16\nCVE-ID : CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749\nCVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754\nCVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7762\nCVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773\nCVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777\nCVE-2017-7778\nPackage : firefox\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-302\n\nSummary\n=======\n\nThe package firefox before version 54.0-1 is vulnerable to multiple\nissues including arbitrary code execution, denial of service,\ninformation disclosure and content spoofing.\n\nResolution\n==========\n\nUpgrade to 54.0-1.\n\n# pacman -Syu \"firefox>=54.0-1\"\n\nThe problems have been fixed upstream in version 54.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-5470 (arbitrary code execution)\n\nSeveral memory safety issues leading to arbitrary code execution have\nbeen found in Firefox < 54.0 and Thunderbird < 52.2.\n\n- CVE-2017-5471 (arbitrary code execution)\n\nSeveral memory safety issues leading to arbitrary code execution have\nbeen found in Firefox < 54.0.\n\n- CVE-2017-5472 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 54.0 and\nThunderbird < 52.2, in the frameloader during tree reconstruction while\nregenerating CSS layout when attempting to use a node in the tree that\nno longer exists.\n\n- CVE-2017-7749 (arbitrary code execution)\n\nA user-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, when using an incorrect URL during the reloading of a docshell.\n\n- CVE-2017-7750 (arbitrary code execution)\n\nA use-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, during video control operations when a <track> element holds a\nreference to an older window if that window has been replaced in the\nDOM.\n\n- CVE-2017-7751 (arbitrary code execution)\n\nA use-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, in content viewer listeners.\n\n- CVE-2017-7752 (arbitrary code execution)\n\nA use-after-free has been found in Firefox < 54.0 and Thunderbird <\n52.2, during specific user interactions with the input method editor\n(IME) in some languages due to how events are handled. This results in\na potentially exploitable crash but would require specific user\ninteraction to trigger.\n\n- CVE-2017-7754 (information disclosure)\n\nAn out-of-bounds read has been found in Firefox < 54.0 and Thunderbird\n< 52.2, with a maliciously crafted ImageInfo object during WebGL\noperations.\n\n- CVE-2017-7756 (arbitrary code execution)\n\nA use after-free and use-after-scope vulnerability has been found in\nFirefox < 54.0 and Thunderbird < 52.2, when logging errors from headers\nfor XML HTTP Requests (XHR).\n\n- CVE-2017-7757 (arbitrary code execution)\n\nA use after-free vulnerability has been found in Firefox < 54.0 and\nThunderbird < 52.2, in IndexedDB when one of its objects is destroyed\nin memory while a method on it is still being executed.\n\n- CVE-2017-7758 (information disclosure)\n\nAn out-of-bounds read vulnerability has been found in Firefox < 54.0\nand Thunderbird < 52.2, with the Opus encoder when the number of\nchannels in an audio stream changes while the encoder is in use.\n\n- CVE-2017-7762 (content spoofing)\n\nA security issue has been found in Firefox < 54.0. When entered\ndirectly, Reader Mode did not strip the username and password section\nof URLs displayed in the addressbar. This can be used for spoofing the\ndomain of the current page.\n\n- CVE-2017-7764 (content spoofing)\n\nA security issue has been found in Firefox < 54.0 and Thunderbird <\n52.2, where characters from the \"Canadian Syllabics\" unicode block can\nbe mixed with characters from other unicode blocks in the addressbar\ninstead of being rendered as their raw \"punycode\" form, allowing for\ndomain name spoofing attacks through character confusion. The current\nUnicode standard allows characters from \"Aspirational Use Scripts\" such\nas Canadian Syllabics to be mixed with Latin characters in the\n\"moderately restrictive\" IDN profile. Firefox and Thunderbird behavior\nhas been changed to match the upcoming Unicode version 10.0 which\nremoves this category and treats them as \"Limited Use Scripts.\"\n\n- CVE-2017-7771 (information disclosure)\n\nAn out-of-bounds read has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.\n\n- CVE-2017-7772 (arbitrary code execution)\n\nA heap-buffer-overflow write has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.\n\n- CVE-2017-7773 (arbitrary code execution)\n\nA heap-buffer-overflow write has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.\n\n- CVE-2017-7774 (information disclosure)\n\nAn out-of-bounds read has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.\n\n- CVE-2017-7775 (denial of service)\n\nAn assertion failure has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2.\n\n- CVE-2017-7776 (information disclosure)\n\nA heap-buffer-overflow read has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.\n\n- CVE-2017-7777 (information disclosure)\n\nAn use of initialized memory has been found in the Graphite 2 library\nused in Firefox < 54.0 and Thunderbird < 52.2, in\nGlyphCache::Loader::read_glyph.\n\n- CVE-2017-7778 (arbitrary code execution)\n\nAn out-of-bounds write has been found in the Graphite 2 library used in\nFirefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.\n\nImpact\n======\n\nA remote attacker may be able to crash Firefox, access sensitive\ninformation, spoof content to trick the user into performing an\nunwanted action and execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1365602\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7749\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1355039\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1356558\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1363396\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1359547\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1357090\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1366595\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1356824\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1368490\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7762\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1358248\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1364283\nhttp://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1350047\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1352745\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1352747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1355174\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1355182\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1356607\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1358551\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1349310\nhttps://security.archlinux.org/CVE-2017-5470\nhttps://security.archlinux.org/CVE-2017-5471\nhttps://security.archlinux.org/CVE-2017-5472\nhttps://security.archlinux.org/CVE-2017-7749\nhttps://security.archlinux.org/CVE-2017-7750\nhttps://security.archlinux.org/CVE-2017-7751\nhttps://security.archlinux.org/CVE-2017-7752\nhttps://security.archlinux.org/CVE-2017-7754\nhttps://security.archlinux.org/CVE-2017-7756\nhttps://security.archlinux.org/CVE-2017-7757\nhttps://security.archlinux.org/CVE-2017-7758\nhttps://security.archlinux.org/CVE-2017-7762\nhttps://security.archlinux.org/CVE-2017-7764\nhttps://security.archlinux.org/CVE-2017-7771\nhttps://security.archlinux.org/CVE-2017-7772\nhttps://security.archlinux.org/CVE-2017-7773\nhttps://security.archlinux.org/CVE-2017-7774\nhttps://security.archlinux.org/CVE-2017-7775\nhttps://security.archlinux.org/CVE-2017-7776\nhttps://security.archlinux.org/CVE-2017-7777\nhttps://security.archlinux.org/CVE-2017-7778", "modified": "2017-06-16T00:00:00", "published": "2017-06-16T00:00:00", "id": "ASA-201706-19", "href": "https://security.archlinux.org/ASA-201706-19", "type": "archlinux", "title": "[ASA-201706-19] firefox: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Multiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit these to cause a denial of service, \nread uninitialized memory, obtain sensitive information or execute \narbitrary code. (CVE-2017-5470, CVE-2017-5472, \nCVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, \nCVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nMultiple security issues were discovered in the Graphite 2 library used \nby Thunderbird. If a user were tricked in to opening a specially crafted \nmessage, an attacker could potentially exploit these to cause a denial of \nservice, read uninitialized memory, or execute arbitrary code. \n(CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, \nCVE-2017-7776, CVE-2017-7777, CVE-2017-7778)", "edition": 6, "modified": "2017-07-05T00:00:00", "published": "2017-07-05T00:00:00", "id": "USN-3321-1", "href": "https://ubuntu.com/security/notices/USN-3321-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:42:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-5471", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7762", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Multiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service, read uninitialized \nmemory, obtain sensitive information, spoof the addressbar contents, or \nexecute arbitrary code. (CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, \nCVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, \nCVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7762, CVE-2017-7764)\n\nMultiple security issues were discovered in the Graphite 2 library used by \nFirefox. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service, \nread uninitialized memory, or execute arbitrary code. (CVE-2017-7771, \nCVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, \nCVE-2017-7777, CVE-2017-7778)", "edition": 7, "modified": "2017-06-15T00:00:00", "published": "2017-06-15T00:00:00", "id": "USN-3315-1", "href": "https://ubuntu.com/security/notices/USN-3315-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:42:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly \nhandled certain malformed fonts. If a user or automated system were tricked \ninto opening a specially-crafted font file, a remote attacker could use \nthis issue to cause graphite2 to crash, resulting in a denial of service, \nor possibly execute arbitrary code.", "edition": 6, "modified": "2017-08-21T00:00:00", "published": "2017-08-21T00:00:00", "id": "USN-3398-1", "href": "https://ubuntu.com/security/notices/USN-3398-1", "title": "graphite2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:41:36", "bulletinFamily": "info", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7755", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7765", "CVE-2017-7763", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "### *Detect date*:\n06/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Thunderbird. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, bypass security protections and run arbitrary code.\n\n### *Affected products*:\nMozilla Thunderbird versions earlier than 52.2\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA-2017-17](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2017-5472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472>)9.8Critical \n[CVE-2017-7749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749>)9.8Critical \n[CVE-2017-7750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750>)9.8Critical \n[CVE-2017-7751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751>)9.8Critical \n[CVE-2017-7755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755>)7.8Critical \n[CVE-2017-7752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752>)8.8Critical \n[CVE-2017-7754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754>)7.5Critical \n[CVE-2017-7756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756>)9.8Critical \n[CVE-2017-7757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757>)9.8Critical \n[CVE-2017-7778](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778>)9.8Critical \n[CVE-2017-7771](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771>)0.0Unknown \n[CVE-2017-7772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772>)0.0Unknown \n[CVE-2017-7773](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773>)0.0Unknown \n[CVE-2017-7774](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774>)0.0Unknown \n[CVE-2017-7775](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7775>)0.0Unknown \n[CVE-2017-7776](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776>)0.0Unknown \n[CVE-2017-7777](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777>)0.0Unknown \n[CVE-2017-7758](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758>)9.1Critical \n[CVE-2017-7763](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7763>)5.3High \n[CVE-2017-7764](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764>)5.3High \n[CVE-2017-7765](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7765>)7.5Critical \n[CVE-2017-5470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470>)9.8Critical", "edition": 45, "modified": "2020-05-22T00:00:00", "published": "2017-06-14T00:00:00", "id": "KLA11050", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11050", "title": "\r KLA11050Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T12:00:20", "bulletinFamily": "info", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7755", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7765", "CVE-2017-7763", "CVE-2017-7766", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7759", "CVE-2017-7756", "CVE-2017-7761", "CVE-2017-7767", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7770", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-5471", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7762", "CVE-2017-7775", "CVE-2017-7760", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7768"], "description": "### *Detect date*:\n06/13/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service, read and write local files, spoof user interface and bypass security restrictions.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 54 \nMozilla Firefox ESR versions earlier than 52.2\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA 2017-16](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/>) \n[MFSA 2017-15](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2017-5472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472>)9.8Critical \n[CVE-2017-7749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749>)9.8Critical \n[CVE-2017-7750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750>)9.8Critical \n[CVE-2017-7751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751>)9.8Critical \n[CVE-2017-7755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755>)7.8Critical \n[CVE-2017-7752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752>)8.8Critical \n[CVE-2017-7754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754>)7.5Critical \n[CVE-2017-7756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756>)9.8Critical \n[CVE-2017-7757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757>)9.8Critical \n[CVE-2017-7778](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778>)9.8Critical \n[CVE-2017-7771](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771>)0.0Unknown \n[CVE-2017-7772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772>)0.0Unknown \n[CVE-2017-7773](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773>)0.0Unknown \n[CVE-2017-7774](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774>)0.0Unknown \n[CVE-2017-7775](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7775>)0.0Unknown \n[CVE-2017-7776](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776>)0.0Unknown \n[CVE-2017-7777](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777>)0.0Unknown \n[CVE-2017-7758](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758>)9.1Critical \n[CVE-2017-7763](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7763>)5.3High \n[CVE-2017-7764](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764>)5.3High \n[CVE-2017-7765](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7765>)7.5Critical \n[CVE-2017-5470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470>)9.8Critical \n[CVE-2017-7759](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7759>)7.5Critical \n[CVE-2017-7760](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7760>)7.8Critical \n[CVE-2017-7761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7761>)5.5High \n[CVE-2017-7762](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7762>)7.5Critical \n[CVE-2017-7766](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7766>)7.8Critical \n[CVE-2017-7767](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7767>)5.5High \n[CVE-2017-7768](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7768>)5.5High \n[CVE-2017-7770](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7770>)5.9High \n[CVE-2017-5471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5471>)9.8Critical", "edition": 50, "modified": "2020-05-22T00:00:00", "published": "2017-06-13T00:00:00", "id": "KLA11044", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11044", "title": "\r KLA11044Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-06-20T02:15:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7755", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7765", "CVE-2017-7766", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7756", "CVE-2017-7761", "CVE-2017-7767", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7760", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7768"], "description": "This update for Mozilla Firefox, Thunderbird, and NSS fixes the following\n issues:\n\n Mozilla Firefox was updated to 52.2esr (boo#1043960) MFSA 2017-16:\n\n * CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when\n regenerating trees\n * CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading\n * CVE-2017-7750 (bmo#1356558) Use-after-free with track elements\n * CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners\n * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input\n * CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo\n object\n * CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox\n Installer with same directory DLL files (Windows only)\n * CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging\n XHR header errors\n * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB\n * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,\n CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n CVE-2017-7777 Vulnerabilities in the Graphite 2 library\n * CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder\n * CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation\n via callback parameter in Mozilla Windows Updater and Maintenance\n Service (Windows only)\n * CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation\n through Mozilla Maintenance Service helper.exe application (Windows only)\n * CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian\n Syllabics and other unicode blocks\n * CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving\n executable files (Windows only)\n * CVE-2017-7766 (bmo#1342742) File execution and privilege escalation\n through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance\n Service (Windows only)\n * CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file\n overwrites through Mozilla Windows Updater and Mozilla Maintenance\n Service (Windows only)\n * CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla\n Maintenance Service (Windows only)\n * CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2\n\n - remove -fno-inline-small-functions and explicitely optimize with\n -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)\n\n Mozilla NSS was updated to NSS 3.28.5\n * Implemented domain name constraints for CA: TUBITAK Kamu SM SSL Kok\n Sertifikasi - Surum 1. (bmo#1350859)\n * March 2017 batch of root CA changes (bmo#1350859) (version 2.14) CA\n certificates removed: O = Japanese Government, OU = ApplicationCA CN =\n WellsSecure Public Root Certificate Authority CN = TURKTRUST Elektronik\n Sertifika Hizmet H6 CN = Microsec e-Szigno Root CA certificates added:\n CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi -\n Surum 1\n\n java-1_8_0-openjdk was rebuild against NSS 3.28.5 to satisfy a runtime\n dependency.\n\n", "edition": 1, "modified": "2017-06-20T00:09:32", "published": "2017-06-20T00:09:32", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-06/msg00017.html", "id": "OPENSUSE-SU-2017:1620-1", "title": "Security update for Mozilla based packages (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2017-10-15T08:23:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "### Background\n\nGraphite is a \u201csmart font\u201d system developed specifically to handle the complexities of lesser-known languages of the world. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Graphite. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Graphite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/graphite2-1.3.10\"", "edition": 1, "modified": "2017-10-13T00:00:00", "published": "2017-10-13T00:00:00", "href": "https://security.gentoo.org/glsa/201710-13", "id": "GLSA-201710-13", "title": "Graphite: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "amazon": [{"lastseen": "2020-11-10T12:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "**Issue Overview:**\n\nVulnerabilities in the Graphite 2 library (MFSA 2017-16) \nA heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. ([CVE-2017-7778 __](<https://access.redhat.com/security/cve/CVE-2017-7778>))\n\nHeap-buffer-overflow write \"lz4::decompress\" (src/Decompressor) \nA heap-based buffer overflow flaw related to "lz4::decompress" (src/Decompressor) has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. ([CVE-2017-7772 __](<https://access.redhat.com/security/cve/CVE-2017-7772>))([CVE-2017-7773 __](<https://access.redhat.com/security/cve/CVE-2017-7773>))\n\nOut of bounds read in \"graphite2::Pass::readPass\": \nAn out of bounds read flaw related to "graphite2::Pass::readPass" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. ([CVE-2017-7771 __](<https://access.redhat.com/security/cve/CVE-2017-7771>))\n\nHeap-buffer-overflow read \"graphite2::Silf::getClassGlyph\" \nAn out of bounds read flaw related to "graphite2::Silf::getClassGlyph" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.([CVE-2017-7776 __](<https://access.redhat.com/security/cve/CVE-2017-7776>))\n\nUse of uninitialized memory \"graphite2::GlyphCache::Loader::read_glyph\": \nThe use of uninitialized memory related to "graphite2::GlyphCache::Loader::read_glyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways. ([CVE-2017-7777 __](<https://access.redhat.com/security/cve/CVE-2017-7777>))\n\nOut of bounds read \"graphite2::Silf::readGraphite\" \nAn out of bounds read flaw related to "graphite2::Silf::readGraphite" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. ([CVE-2017-7774 __](<https://access.redhat.com/security/cve/CVE-2017-7774>))\n\nAssertion error \"size() > n\": \nAn assertion error has been reported in graphite2. An attacker could possibly exploit this flaw to cause an application crash. ([CVE-2017-7775 __](<https://access.redhat.com/security/cve/CVE-2017-7775>))\n\n \n**Affected Packages:** \n\n\ngraphite2\n\n \n**Issue Correction:** \nRun _yum update graphite2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n graphite2-devel-1.3.10-1.7.amzn1.i686 \n graphite2-1.3.10-1.7.amzn1.i686 \n graphite2-debuginfo-1.3.10-1.7.amzn1.i686 \n \n src: \n graphite2-1.3.10-1.7.amzn1.src \n \n x86_64: \n graphite2-devel-1.3.10-1.7.amzn1.x86_64 \n graphite2-debuginfo-1.3.10-1.7.amzn1.x86_64 \n graphite2-1.3.10-1.7.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2017-08-17T18:27:00", "published": "2017-08-17T18:27:00", "id": "ALAS-2017-872", "href": "https://alas.aws.amazon.com/ALAS-2017-872.html", "title": "Important: graphite2", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:52", "bulletinFamily": "software", "cvelist": ["CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7778", "CVE-2017-7771", "CVE-2017-7777", "CVE-2017-7775", "CVE-2017-7774", "CVE-2017-7776"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nHolger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.150.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.150.0 or later.\n\n# References\n\n * [USN-3398-1](<http://www.ubuntu.com/usn/usn-3398-1/>)\n * [CVE-2017-7771](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7771>)\n * [CVE-2017-7772](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7772>)\n * [CVE-2017-7773](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7773>)\n * [CVE-2017-7774](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7774>)\n * [CVE-2017-7775](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7775>)\n * [CVE-2017-7776](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7776>)\n * [CVE-2017-7777](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7777>)\n * [CVE-2017-7778](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7778>)\n", "edition": 6, "modified": "2017-09-21T00:00:00", "published": "2017-09-21T00:00:00", "id": "CFOUNDRY:C7F45C70F6C0B1158EC8D8729409B754", "href": "https://www.cloudfoundry.org/blog/usn-3398-1/", "title": "USN-3398-1: graphite2 vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7755", "CVE-2017-7752", "CVE-2017-7765", "CVE-2017-7763", "CVE-2017-7766", "CVE-2017-7778", "CVE-2017-5472", "CVE-2017-7759", "CVE-2017-7756", "CVE-2017-7761", "CVE-2017-7767", "CVE-2017-7764", "CVE-2017-7749", "CVE-2017-5470", "CVE-2017-5471", "CVE-2017-7751", "CVE-2017-7750", "CVE-2017-7762", "CVE-2017-7760", "CVE-2017-7768"], "description": "\nMozilla Foundation reports:\n\nPlease reference CVE/URL list for details\n\n", "edition": 8, "modified": "2017-09-19T00:00:00", "published": "2017-06-13T00:00:00", "id": "6CEC1B0A-DA15-467D-8691-1DEA392D4C8D", "href": "https://vuxml.freebsd.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:13:37", "description": "The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", "edition": 12, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2017-7765", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7765"], "modified": "2019-10-03T00:03:00", "cpe": [], "id": "CVE-2017-7765", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7765", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T20:13:37", "description": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-11T21:29:00", "title": "CVE-2017-7749", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7749"], "modified": "2018-08-03T14:18:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-7749", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7749", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:37", "description": "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-11T21:29:00", "title": "CVE-2017-7752", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7752"], "modified": "2018-08-03T14:31:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-7752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7752", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:37", "description": "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2017-7754", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7754"], "modified": "2018-08-03T14:31:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-7754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7754", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"]}]}