openSUSE: Security Advisory for seamonkey (openSUSE-SU-2023:0278-1)

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.833172");
  script_version("2024-05-16T05:05:35+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2023-4863");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-18 17:48:44 +0000 (Mon, 18 Sep 2023)");
  script_tag(name:"creation_date", value:"2024-03-04 07:26:01 +0000 (Mon, 04 Mar 2024)");
  script_name("openSUSE: Security Advisory for seamonkey (openSUSE-SU-2023:0278-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSEBackportsSLE-15-SP5");

  script_xref(name:"Advisory-ID", value:"openSUSE-SU-2023:0278-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/5SOOP74GTYPZCPPWK473Q6QVJGSGCJQL");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'seamonkey'
  package(s) announced via the openSUSE-SU-2023:0278-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for seamonkey fixes the following issues:

     update to SeaMonkey 2.53.17.1

  * Upstream libwebp security fix bug 1852749.

  * CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649.

  * Fix bad string encoded in ansi. l10n fr problem only bug 1847887.

  * SeaMonkey 2.53.17 uses the same backend as Firefox and contains the
         relevant Firefox 60.8 security fixes.

  * SeaMonkey 2.53.17 shares most parts of the mail and news code with
         Thunderbird. Please read the Thunderbird 60.8.0 release notes for
         specific security fixes in this release.

  * Additional important security fixes up to Current Firefox 115.3 and
         Thunderbird 115.3 ESR plus many enhancements have been backported. We
         will continue to enhance SeaMonkey security in subsequent 2.53.x beta
         and release versions as fast as we are able to.

     update to SeaMonkey 2.53.17

  * Fix macOS Contacts permission request bug 1826719.

  * Remove SeaMonkey 2.57 links from debugQA bug 1829683.

  * Treat opening urls from the library as external bug 1619108.

  * Disable spam warning for autogenerated links in plaintext messages bug
         619031.

  * Switch SeaMonkey build files to Python 3 bug 1635849.

  * Remove empty overlays from Composer bug 1828533.

  * Move xpfe autocomplete to comm-central suite bug 1418512.

  * Remove nsIPrefBranch2 and nsIPrefBranchInternal bug 1374847.

  * SeaMonkey 2.53.17 uses the same backend as Firefox and contains the
         relevant Firefox 60.8 security fixes.

  * SeaMonkey 2.53.17 shares most parts of the mail and news code with
         Thunderbird. Please read the Thunderbird 60.8.0 release notes for
         specific security fixes in this release.

  * Additional important security fixes up to Current Firefox 102.11 and
         Thunderbird 102.11 ESR plus many enhancements have been backported. We
         will continue to enhance SeaMonkey security in subsequent 2.53.x beta
         and release versions as fast as we are able to.

     Update to SeaMonkey 2.53.16

  * No throbber in plaintext editor bug 85498.

  * Remove unused gridlines class from EdAdvancedEdit bug 1806632.

  * Remove ESR 91 links from debugQA bug 1804534.

  * Rename devtools/shim to devtools/startup bug 1812367.

  * Remove unused seltype=textcell css bug 1806653.

  * Implement new shared tree styling bug 1807802.

  * Use `win.focus()` in macWindowMenu.js bug 1807817.

  * Remove WCAP provider bug 1579020.

  * Remove f ...

  Description truncated. Please see the references for more information.");

  script_tag(name:"affected", value:"'seamonkey' package(s) on openSUSE Backports SLE-15-SP5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSEBackportsSLE-15-SP5") {

  if(!isnull(res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.53.17.1~bp155.2.3.1", rls:"openSUSEBackportsSLE-15-SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.53.17.1~bp155.2.3.1", rls:"openSUSEBackportsSLE-15-SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.53.17.1~bp155.2.3.1", rls:"openSUSEBackportsSLE-15-SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.53.17.1~bp155.2.3.1", rls:"openSUSEBackportsSLE-15-SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.53.17.1~bp155.2.3.1", rls:"openSUSEBackportsSLE-15-SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.53.17.1~bp155.2.3.1", rls:"openSUSEBackportsSLE-15-SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);