Search...

Ubuntu Update for firefox USN-2243-1

2014-06-17T00:00:00

ID OPENVAS:1361412562310841855
Type openvas
Reporter Copyright (C) 2014 Greenbone Networks GmbH
Modified 2019-03-13T00:00:00

Description

The remote host is missing an update for the

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_2243_1.nasl 14140 2019-03-13 12:26:09Z cfischer $
#
# Ubuntu Update for firefox USN-2243-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.841855");
  script_version("$Revision: 14140 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
  script_tag(name:"creation_date", value:"2014-06-17 10:05:45 +0530 (Tue, 17 Jun 2014)");
  script_cve_id("CVE-2014-1533", "CVE-2014-1534", "CVE-2014-1536", "CVE-2014-1537",
                "CVE-2014-1538", "CVE-2014-1540", "CVE-2014-1541", "CVE-2014-1542");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Ubuntu Update for firefox USN-2243-1");

  script_tag(name:"affected", value:"firefox on Ubuntu 14.04 LTS,
  Ubuntu 13.10,
  Ubuntu 12.04 LTS");
  script_tag(name:"insight", value:"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore,
Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor
Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety
issues in Firefox. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit these to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2014-1533,
CVE-2014-1534)

Abhishek Arya discovered multiple use-after-free and out-of-bounds read
issues in Firefox. An attacker could potentially exploit these to cause
a denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2014-1536,
CVE-2014-1537, CVE-2014-1538)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in the
event listener manager. An attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2014-1540)

A use-after-free was discovered in the SMIL animation controller. An
attacker could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1541)

Holger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1542)");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"USN", value:"2243-1");
  script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-2243-1/");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'firefox'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(14\.04 LTS|12\.04 LTS|13\.10)");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "UBUNTU14.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"firefox", ver:"30.0+build1-0ubuntu0.14.04.3", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}


if(release == "UBUNTU12.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"firefox", ver:"30.0+build1-0ubuntu0.12.04.3", rls:"UBUNTU12.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}


if(release == "UBUNTU13.10")
{

  if ((res = isdpkgvuln(pkg:"firefox", ver:"30.0+build1-0ubuntu0.13.10.3", rls:"UBUNTU13.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310841855", "bulletinFamily": "scanner", "title": "Ubuntu Update for firefox USN-2243-1", "description": "The remote host is missing an update for the ", "published": "2014-06-17T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841855", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2243-1", "http://www.ubuntu.com/usn/usn-2243-1/"], "cvelist": ["CVE-2014-1536", "CVE-2014-1538", "CVE-2014-1537", "CVE-2014-1542", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-1541", "CVE-2014-1533"], "type": "openvas", "lastseen": "2019-05-29T18:37:22", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-1536", "CVE-2014-1538", "CVE-2014-1537", "CVE-2014-1542", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-1541", "CVE-2014-1533"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is missing an update for the ", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-03-14T14:29:31", "references": [{"idList": ["888A0262-F0D9-11E3-BA0C-B4B52FCE4CE8"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310804703", "OPENVAS:1361412562310850592", "OPENVAS:1361412562310123395", "OPENVAS:1361412562310871178", "OPENVAS:1361412562310123396", "OPENVAS:1361412562310850804", "OPENVAS:1361412562310850984", "OPENVAS:1361412562310851066", "OPENVAS:1361412562310804702", "OPENVAS:1361412562310804707"], "type": "openvas"}, {"idList": ["MOZILLA_THUNDERBIRD_24_6.NASL", "MACOSX_THUNDERBIRD_24_6.NASL", "OPENSUSE-2014-448.NASL", "UBUNTU_USN-2243-1.NASL", "MACOSX_FIREFOX_30.NASL", "SEAMONKEY_2_26_1.NASL", "MOZILLA_FIREFOX_30.NASL", "OPENSUSE-2014-447.NASL", "FREEBSD_PKG_888A0262F0D911E3BA0CB4B52FCE4CE8.NASL", "OPENSUSE-2014-432.NASL"], "type": "nessus"}, {"idList": ["RHSA-2014:0742", "RHSA-2014:0741"], "type": "redhat"}, {"idList": ["SECURITYVULNS:VULN:13820", "SECURITYVULNS:DOC:31682"], "type": "securityvulns"}, {"idList": ["CESA-2014:0742", "CESA-2014:0741"], "type": "centos"}, {"idList": ["GLSA-201504-01"], "type": "gentoo"}, {"idList": ["OPENSUSE-SU-2014:0797-1", "SUSE-SU-2014:0824-3", "SUSE-SU-2014:0824-2", "SUSE-SU-2014:0824-1", "OPENSUSE-SU-2014:1100-1", "SUSE-SU-2014:0905-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-2955-1:7EADC", "DEBIAN:DSA-2960-1:520CF"], "type": "debian"}, {"idList": ["ELSA-2014-0741", "ELSA-2014-0742"], "type": "oraclelinux"}, {"idList": ["CVE-2014-1536", "CVE-2014-1538", "CVE-2014-1537", "CVE-2014-1542", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-1541", "CVE-2014-1533"], "type": "cve"}, {"idList": ["MFSA2014-49", "MFSA2014-51", "MFSA2014-52", "MFSA2014-53", "MFSA2014-48"], "type": "mozilla"}, {"idList": ["USN-2243-1", "USN-2250-1"], "type": "ubuntu"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "71c9f4f9afde8660b7dd06fb32e340ae15d828f427e1558dde8f7bce0d9c207e", "hashmap": [{"hash": "fcfe249768bb3238aaae5d43d955324d", "key": "published"}, {"hash": "a2a312f60e6c5e294a4eab7cfd102b3b", "key": "title"}, {"hash": "d7ed8e8f719b6837d92e3e6b3f1162ff", "key": "cvelist"}, {"hash": "1bb9e31b9f0e56abdf1186ec62deb0b4", "key": "references"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "ad4d18ce7879d13ff3fe5003518760c4", "key": "modified"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ab8459d17c3670f8a08c9e3baf47f3dc", "key": "sourceData"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "763874d8ca8e037343141c9baefe3e7a", "key": "href"}, {"hash": "2c389fc664a4b04069eaf070043d0d8a", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841855", "id": "OPENVAS:1361412562310841855", "lastseen": "2019-03-14T14:29:31", "modified": "2019-03-13T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841855", "published": "2014-06-17T00:00:00", "references": ["2243-1", "http://www.ubuntu.com/usn/usn-2243-1/"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2243_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for firefox USN-2243-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841855\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:05:45 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2243-1\");\n\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore,\nJan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor\nWagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1533,\nCVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Firefox. An attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the\nevent listener manager. An attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1542)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2243-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2243-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.12.04.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.13.10.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for firefox USN-2243-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 10, "lastseen": "2019-03-14T14:29:31"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-1536", "CVE-2014-1538", "CVE-2014-1537", "CVE-2014-1542", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-1541", "CVE-2014-1533"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Check for the Version of firefox", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "97c6e10b74a00aa1aa77811186a9f9ab20361f153d02ab4e2ba197b4ed4ed21e", "hashmap": [{"hash": "fcfe249768bb3238aaae5d43d955324d", "key": "published"}, {"hash": "a2a312f60e6c5e294a4eab7cfd102b3b", "key": "title"}, {"hash": "d7ed8e8f719b6837d92e3e6b3f1162ff", "key": "cvelist"}, {"hash": "1bb9e31b9f0e56abdf1186ec62deb0b4", "key": "references"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "0350ce7c151e34c83acdd29c7efaf4e4", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "763874d8ca8e037343141c9baefe3e7a", "key": "href"}, {"hash": "2c389fc664a4b04069eaf070043d0d8a", "key": "pluginID"}, {"hash": "464857d7b87b7b905e79b99c78b7d97a", "key": "modified"}, {"hash": "8ab2086e5c37da8b9bddca4139df783b", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841855", "id": "OPENVAS:1361412562310841855", "lastseen": "2018-09-01T23:54:02", "modified": "2018-08-17T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841855", "published": "2014-06-17T00:00:00", "references": ["2243-1", "http://www.ubuntu.com/usn/usn-2243-1/"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2243_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for firefox USN-2243-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841855\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:05:45 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2243-1\");\n\n\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore,\nJan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor\nWagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1533,\nCVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Firefox. An attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the\nevent listener manager. An attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1542)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2243-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2243-1/\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.12.04.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.13.10.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for firefox USN-2243-1", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 8, "lastseen": "2018-09-01T23:54:02"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-1536", "CVE-2014-1538", "CVE-2014-1537", "CVE-2014-1542", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-1541", "CVE-2014-1533"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Check for the Version of firefox", "edition": 2, "enchantments": {}, "hash": "3e1c758d3800086b5350622fb6724564fe7f3dc2213eeb440d997a95eaa8e76b", "hashmap": [{"hash": "fcfe249768bb3238aaae5d43d955324d", "key": "published"}, {"hash": "a2a312f60e6c5e294a4eab7cfd102b3b", "key": "title"}, {"hash": "d7ed8e8f719b6837d92e3e6b3f1162ff", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "763874d8ca8e037343141c9baefe3e7a", "key": "href"}, {"hash": "2c389fc664a4b04069eaf070043d0d8a", "key": "pluginID"}, {"hash": "8793d7ef1ac62740b55feee87b4be919", "key": "references"}, {"hash": "3fb4b919fe8ebfd1dd0a1252ecd74a1b", "key": "sourceData"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}, {"hash": "8ab2086e5c37da8b9bddca4139df783b", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841855", "id": "OPENVAS:1361412562310841855", "lastseen": "2017-07-25T10:49:04", "modified": "2017-07-10T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841855", "published": "2014-06-17T00:00:00", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-June/002544.html", "2243-1"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-2243-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841855\");\n script_version(\"$Revision: 6645 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:02:37 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:05:45 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2243-1\");\n\n tag_insight = \"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore,\nJan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor\nWagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1533,\nCVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Firefox. An attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code with\nthe priviliges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the\nevent listener manager. An attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the priviliges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Firefox. (CVE-2014-1542)\";\n\n tag_affected = \"firefox on Ubuntu 14.04 LTS ,\n Ubuntu 13.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2243-1\");\n script_xref(name: \"URL\" , value: \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-June/002544.html\");\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.12.04.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.13.10.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Ubuntu Update for firefox USN-2243-1", "type": "openvas", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 2, "lastseen": "2017-07-25T10:49:04"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-1536", "CVE-2014-1538", "CVE-2014-1537", "CVE-2014-1542", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-1541", "CVE-2014-1533"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check for the Version of firefox", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "70da647e70dcfa4d47eb438cc443a7096a53c9b7c390c0c9a655a8c5d7cb8d04", "hashmap": [{"hash": "fcfe249768bb3238aaae5d43d955324d", "key": "published"}, {"hash": "a2a312f60e6c5e294a4eab7cfd102b3b", "key": "title"}, {"hash": "d7ed8e8f719b6837d92e3e6b3f1162ff", "key": "cvelist"}, {"hash": "1bb9e31b9f0e56abdf1186ec62deb0b4", "key": "references"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "0350ce7c151e34c83acdd29c7efaf4e4", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "763874d8ca8e037343141c9baefe3e7a", "key": "href"}, {"hash": "2c389fc664a4b04069eaf070043d0d8a", "key": "pluginID"}, {"hash": "464857d7b87b7b905e79b99c78b7d97a", "key": "modified"}, {"hash": "8ab2086e5c37da8b9bddca4139df783b", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841855", "id": "OPENVAS:1361412562310841855", "lastseen": "2018-08-30T19:23:38", "modified": "2018-08-17T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841855", "published": "2014-06-17T00:00:00", "references": ["2243-1", "http://www.ubuntu.com/usn/usn-2243-1/"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2243_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for firefox USN-2243-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841855\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:05:45 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2243-1\");\n\n\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore,\nJan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor\nWagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1533,\nCVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Firefox. An attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the\nevent listener manager. An attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1542)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2243-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2243-1/\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.12.04.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.13.10.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for firefox USN-2243-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2018-08-30T19:23:38"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-1536", "CVE-2014-1538", "CVE-2014-1537", "CVE-2014-1542", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-1541", "CVE-2014-1533"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Check for the Version of firefox", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "97c6e10b74a00aa1aa77811186a9f9ab20361f153d02ab4e2ba197b4ed4ed21e", "hashmap": [{"hash": "fcfe249768bb3238aaae5d43d955324d", "key": "published"}, {"hash": "a2a312f60e6c5e294a4eab7cfd102b3b", "key": "title"}, {"hash": "d7ed8e8f719b6837d92e3e6b3f1162ff", "key": "cvelist"}, {"hash": "1bb9e31b9f0e56abdf1186ec62deb0b4", "key": "references"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "0350ce7c151e34c83acdd29c7efaf4e4", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "763874d8ca8e037343141c9baefe3e7a", "key": "href"}, {"hash": "2c389fc664a4b04069eaf070043d0d8a", "key": "pluginID"}, {"hash": "464857d7b87b7b905e79b99c78b7d97a", "key": "modified"}, {"hash": "8ab2086e5c37da8b9bddca4139df783b", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841855", "id": "OPENVAS:1361412562310841855", "lastseen": "2018-08-24T21:31:48", "modified": "2018-08-17T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841855", "published": "2014-06-17T00:00:00", "references": ["2243-1", "http://www.ubuntu.com/usn/usn-2243-1/"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2243_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for firefox USN-2243-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841855\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:05:45 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2243-1\");\n\n\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore,\nJan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor\nWagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1533,\nCVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Firefox. An attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the\nevent listener manager. An attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1542)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2243-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2243-1/\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.12.04.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.13.10.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for firefox USN-2243-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2018-08-24T21:31:48"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d7ed8e8f719b6837d92e3e6b3f1162ff"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "763874d8ca8e037343141c9baefe3e7a"}, {"key": "modified", "hash": "ad4d18ce7879d13ff3fe5003518760c4"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "2c389fc664a4b04069eaf070043d0d8a"}, {"key": "published", "hash": "fcfe249768bb3238aaae5d43d955324d"}, {"key": "references", "hash": "1bb9e31b9f0e56abdf1186ec62deb0b4"}, {"key": "reporter", "hash": "06df9aea2d851c3b10ab498f59f0777d"}, {"key": "sourceData", "hash": "ab8459d17c3670f8a08c9e3baf47f3dc"}, {"key": "title", "hash": "a2a312f60e6c5e294a4eab7cfd102b3b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "0c08452bd1bbec92e26fdb97ead97dc55628c7b88206967777215dfa741b0f11", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SEAMONKEY_2_26_1.NASL", "MACOSX_FIREFOX_30.NASL", "UBUNTU_USN-2243-1.NASL", "MOZILLA_FIREFOX_30.NASL", "MACOSX_THUNDERBIRD_24_6.NASL", "MOZILLA_THUNDERBIRD_24_6.NASL", "FREEBSD_PKG_888A0262F0D911E3BA0CB4B52FCE4CE8.NASL", "OPENSUSE-2014-432.NASL", "OPENSUSE-2014-447.NASL", "SUSE_11_FIREFOX-2014-06-140612.NASL"]}, {"type": "ubuntu", "idList": ["USN-2243-1", "USN-2250-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804702", "OPENVAS:1361412562310850984", "OPENVAS:1361412562310850804", "OPENVAS:1361412562310851066", "OPENVAS:1361412562310850592", "OPENVAS:1361412562310804703", "OPENVAS:1361412562310804705", "OPENVAS:1361412562310881950", "OPENVAS:1361412562310881948", "OPENVAS:1361412562310871178"]}, {"type": "freebsd", "idList": ["888A0262-F0D9-11E3-BA0C-B4B52FCE4CE8"]}, {"type": "cve", "idList": ["CVE-2014-1534", "CVE-2014-1542", "CVE-2014-1538", "CVE-2014-1540", "CVE-2014-1536", "CVE-2014-1533", "CVE-2014-1537", "CVE-2014-1541"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0824-1", "SUSE-SU-2014:0824-3", "SUSE-SU-2014:0905-1", "SUSE-SU-2014:0824-2", "OPENSUSE-SU-2014:0797-1", "OPENSUSE-SU-2014:1100-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13820", "SECURITYVULNS:DOC:31682"]}, {"type": "mozilla", "idList": ["MFSA2014-49", "MFSA2014-48", "MFSA2014-53", "MFSA2014-51", "MFSA2014-52"]}, {"type": "centos", "idList": ["CESA-2014:0741", "CESA-2014:0742"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0741", "ELSA-2014-0742"]}, {"type": "redhat", "idList": ["RHSA-2014:0741", "RHSA-2014:0742"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2955-1:7EADC", "DEBIAN:DSA-2960-1:520CF"]}, {"type": "gentoo", "idList": ["GLSA-201504-01"]}], "modified": "2019-05-29T18:37:22"}, "score": {"value": 9.1, "vector": "NONE", "modified": "2019-05-29T18:37:22"}, "vulnersScore": 9.1}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2243_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for firefox USN-2243-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841855\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:05:45 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for firefox USN-2243-1\");\n\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore,\nJan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor\nWagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1533,\nCVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Firefox. An attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the\nevent listener manager. An attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1542)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2243-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2243-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.12.04.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"30.0+build1-0ubuntu0.13.10.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "1361412562310841855", "scheme": null}

{"nessus": [{"lastseen": "2019-02-21T01:22:18", "bulletinFamily": "scanner", "description": "The installed version of SeaMonkey is a version prior to 2.26.1. It is, therefore, affected by the following vulnerabilities :\n\n - There are multiple memory safety bugs in the browser engine. Several of these bugs show evidence of memory corruption, which may allow an attacker to execute arbitrary code. (CVE-2014-1533, CVE-2014-1534)\n\n - There are multiple use-after-free and out of bounds read issues. These issues have the potential to be exploited, resulting in remote code execution.\n (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n\n - A use-after-free error exists in the SMIL Animation Controller when interacting with and rendering improperly formed web content. This may result in a potentially exploitable crash. (CVE-2014-1541)\n\n - A use-after-free flaw exists in the event listener manager that can be triggered by web content. This may result in a potentially exploitable crash.\n (CVE-2014-1540)\n\n - A flaw exists in the Speex resample in Web Audio that results in a buffer overflow when working with audio content that exceeds the expected bounds. This flaw results in a potentially exploitable crash.\n (CVE-2014-1542)\n\n - There exists a buffer overflow in the Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This flaw results in a potentially exploitable crash. (CVE-2014-1543)", "modified": "2018-07-27T00:00:00", "id": "SEAMONKEY_2_26_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77283", "published": "2014-08-20T00:00:00", "title": "SeaMonkey < 2.26.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77283);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2014-1533\",\n \"CVE-2014-1534\",\n \"CVE-2014-1536\",\n \"CVE-2014-1537\",\n \"CVE-2014-1538\",\n \"CVE-2014-1540\",\n \"CVE-2014-1541\",\n \"CVE-2014-1542\",\n \"CVE-2014-1543\"\n );\n script_bugtraq_id(\n 67969,\n 67968,\n 67979,\n 67978,\n 67966,\n 67971,\n 67976,\n 67965,\n 67964\n );\n\n script_name(english:\"SeaMonkey < 2.26.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of SeaMonkey.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of SeaMonkey is a version prior to 2.26.1. It\nis, therefore, affected by the following vulnerabilities :\n\n - There are multiple memory safety bugs in the browser\n engine. Several of these bugs show evidence of\n memory corruption, which may allow an attacker to\n execute arbitrary code. (CVE-2014-1533, CVE-2014-1534)\n\n - There are multiple use-after-free and out of bounds\n read issues. These issues have the potential to be\n exploited, resulting in remote code execution.\n (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n\n - A use-after-free error exists in the SMIL Animation\n Controller when interacting with and rendering\n improperly formed web content. This may result in a\n potentially exploitable crash. (CVE-2014-1541)\n\n - A use-after-free flaw exists in the event listener\n manager that can be triggered by web content. This may\n result in a potentially exploitable crash.\n (CVE-2014-1540)\n\n - A flaw exists in the Speex resample in Web Audio that\n results in a buffer overflow when working with audio\n content that exceeds the expected bounds. This flaw\n results in a potentially exploitable crash.\n (CVE-2014-1542)\n\n - There exists a buffer overflow in the Gamepad API when\n it is exercised with a gamepad device with\n non-contiguous axes. This flaw results in a potentially\n exploitable crash. (CVE-2014-1543)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-48/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-52/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-54/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.26.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.26.1', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:16", "bulletinFamily": "scanner", "description": "The version of Firefox installed on the remote Mac OS X host is a version prior to version 30.0. It is, therefore, affected by multiple vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. Note that these issues only affect Firefox 29. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in 'mozilla::dom::workers::WorkerPrivateParent', 'nsTextEditRules::CreateMozBR', and the SMIL Animation Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)\n\n - An issue exists when the cursor is used on an embedded Flash object which can make the cursor invisible and lead to clickjacking attacks. (CVE-2014-1539)\n\n - A use-after-free memory issue exists in the event listener manager. Note that this issue only affects Firefox 29. (CVE-2014-1540)\n\n - A buffer overflow issue exists in the Speex resampler for Web Audio that could lead to code execution.\n (CVE-2014-1542)", "modified": "2016-04-28T00:00:00", "id": "MACOSX_FIREFOX_30.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74437", "published": "2014-06-11T00:00:00", "title": "Firefox < 30.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74437);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/04/28 20:52:58 $\");\n\n script_cve_id(\n \"CVE-2014-1533\",\n \"CVE-2014-1534\",\n \"CVE-2014-1536\",\n \"CVE-2014-1537\",\n \"CVE-2014-1538\",\n \"CVE-2014-1539\",\n \"CVE-2014-1540\",\n \"CVE-2014-1541\",\n \"CVE-2014-1542\"\n );\n script_bugtraq_id(\n 67964,\n 67965,\n 67966,\n 67967,\n 67968,\n 67971,\n 67976,\n 67978,\n 67979\n );\n\n script_name(english:\"Firefox < 30.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Mac OS X host is a\nversion prior to version 30.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. Note that these issues only affect Firefox\n 29. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in\n 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in\n 'mozilla::dom::workers::WorkerPrivateParent',\n 'nsTextEditRules::CreateMozBR', and the SMIL Animation\n Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)\n\n - An issue exists when the cursor is used on an embedded\n Flash object which can make the cursor invisible and\n lead to clickjacking attacks. (CVE-2014-1539)\n\n - A use-after-free memory issue exists in the event\n listener manager. Note that this issue only affects\n Firefox 29. (CVE-2014-1540)\n\n - A buffer overflow issue exists in the Speex resampler\n for Web Audio that could lead to code execution.\n (CVE-2014-1542)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-48.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-49.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-50.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-51.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-52.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-53.html\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 30.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'30.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:17", "bulletinFamily": "scanner", "description": "Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1533, CVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Firefox. An attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the event listener manager. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox.\n(CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1542).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2243-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74493", "published": "2014-06-12T00:00:00", "title": "Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : firefox vulnerabilities (USN-2243-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2243-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74493);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\");\n script_bugtraq_id(67964, 67966, 67968, 67971, 67978);\n script_xref(name:\"USN\", value:\"2243-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : firefox vulnerabilities (USN-2243-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan\nde Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman,\nGregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple\nmemory safety issues in Firefox. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit\nthese to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1533, CVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds\nread issues in Firefox. An attacker could potentially exploit these to\ncause a denial of service via application crash or execute arbitrary\ncode with the priviliges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in\nthe event listener manager. An attacker could potentially exploit this\nto cause a denial of service via application crash or execute\narbitrary code with the priviliges of the user invoking Firefox.\n(CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the priviliges of\nthe user invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the priviliges of\nthe user invoking Firefox. (CVE-2014-1542).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2243-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"30.0+build1-0ubuntu0.12.04.3\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"firefox\", pkgver:\"30.0+build1-0ubuntu0.13.10.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"30.0+build1-0ubuntu0.14.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:16", "bulletinFamily": "scanner", "description": "The version of Firefox installed on the remote host is a version prior to 30.0 and is, therefore, affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. Note that these issues only affect Firefox 29. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in 'mozilla::dom::workers::WorkerPrivateParent', 'nsTextEditRules::CreateMozBR', and the SMIL Animation Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)\n\n - A use-after-free memory issue exists in the event listener manager. Note that this issue only affects Firefox 29. (CVE-2014-1540)\n\n - A buffer overflow issue exists in the Speex resampler for Web Audio that could lead to code execution.\n (CVE-2014-1542)\n\n - A buffer overflow issue exists in the Gamepad API that could lead to code execution. Note that this issue only affects Firefox 29 on Windows 8 when a physical or virtual gamepad is attached. (CVE-2014-1543)", "modified": "2014-07-26T00:00:00", "id": "MOZILLA_FIREFOX_30.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74440", "published": "2014-06-11T00:00:00", "title": "Firefox < 30.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74440);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/07/26 00:30:55 $\");\n\n script_cve_id(\n \"CVE-2014-1533\",\n \"CVE-2014-1534\",\n \"CVE-2014-1536\",\n \"CVE-2014-1537\",\n \"CVE-2014-1538\",\n \"CVE-2014-1540\",\n \"CVE-2014-1541\",\n \"CVE-2014-1542\",\n \"CVE-2014-1543\"\n );\n script_bugtraq_id(\n 67964,\n 67965,\n 67966,\n 67968,\n 67969,\n 67971,\n 67976,\n 67978,\n 67979\n );\n\n script_name(english:\"Firefox < 30.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote host is a version prior\nto 30.0 and is, therefore, affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. Note that these issues only affect Firefox\n 29. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in\n 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in\n 'mozilla::dom::workers::WorkerPrivateParent',\n 'nsTextEditRules::CreateMozBR', and the SMIL Animation\n Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)\n\n - A use-after-free memory issue exists in the event\n listener manager. Note that this issue only affects\n Firefox 29. (CVE-2014-1540)\n\n - A buffer overflow issue exists in the Speex resampler\n for Web Audio that could lead to code execution.\n (CVE-2014-1542)\n\n - A buffer overflow issue exists in the Gamepad API that\n could lead to code execution. Note that this issue\n only affects Firefox 29 on Windows 8 when a physical or\n virtual gamepad is attached. (CVE-2014-1543)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-48.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-49.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-51.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-52.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-53.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-54.html\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 30.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'30.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:16", "bulletinFamily": "scanner", "description": "The version of Thunderbird installed on the remote Mac OS X host is a version prior to 24.6. It is, therefore, affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in 'mozilla::dom::workers::WorkerPrivateParent', 'nsTextEditRules::CreateMozBR', and the SMIL Animation Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)", "modified": "2014-07-26T00:00:00", "id": "MACOSX_THUNDERBIRD_24_6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74438", "published": "2014-06-11T00:00:00", "title": "Thunderbird < 24.6 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74438);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/07/26 00:30:55 $\");\n\n script_cve_id(\n \"CVE-2014-1533\",\n \"CVE-2014-1534\",\n \"CVE-2014-1536\",\n \"CVE-2014-1537\",\n \"CVE-2014-1538\",\n \"CVE-2014-1541\"\n );\n script_bugtraq_id(67964, 67965, 67966, 67971, 67976, 67979);\n\n script_name(english:\"Thunderbird < 24.6 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Mac OS X host is a\nversion prior to 24.6. It is, therefore, affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in\n 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in\n 'mozilla::dom::workers::WorkerPrivateParent',\n 'nsTextEditRules::CreateMozBR', and the SMIL Animation\n Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-48.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-49.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-52.html\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'24.6', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:16", "bulletinFamily": "scanner", "description": "The version of Thunderbird installed on the remote host is a version prior to 24.6 and is, therefore, affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in 'mozilla::dom::workers::WorkerPrivateParent', 'nsTextEditRules::CreateMozBR', and the SMIL Animation Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)", "modified": "2014-07-26T00:00:00", "id": "MOZILLA_THUNDERBIRD_24_6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74441", "published": "2014-06-11T00:00:00", "title": "Mozilla Thunderbird < 24.6 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74441);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/07/26 00:30:55 $\");\n\n script_cve_id(\n \"CVE-2014-1533\",\n \"CVE-2014-1534\",\n \"CVE-2014-1536\",\n \"CVE-2014-1537\",\n \"CVE-2014-1538\",\n \"CVE-2014-1541\"\n );\n script_bugtraq_id(67964, 67965, 67966, 67971, 67976, 67979);\n\n script_name(english:\"Mozilla Thunderbird < 24.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote host is a version\nprior to 24.6 and is, therefore, affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1533, CVE-2014-1534)\n\n - An out-of-bounds read issue exists in\n 'PropertyProvider::FindJustificationRange'.\n (CVE-2014-1536)\n\n - Use-after-free memory issues exist in\n 'mozilla::dom::workers::WorkerPrivateParent',\n 'nsTextEditRules::CreateMozBR', and the SMIL Animation\n Controller that could lead to code execution.\n (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-48.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-49.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-52.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'24.6', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:16", "bulletinFamily": "scanner", "description": "The Mozilla Project reports :\n\nMFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)\n\nMFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer\n\nMFSA 2014-51 Use-after-free in Event Listener Manager\n\nMFSA 2014-52 Use-after-free with SMIL Animation Controller\n\nMFSA 2014-53 Buffer overflow in Web Audio Speex resampler\n\nMFSA 2014-54 Buffer overflow in Gamepad API\n\nMFSA 2014-55 Out of bounds write in NSPR", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_888A0262F0D911E3BA0CB4B52FCE4CE8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74444", "published": "2014-06-11T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (888a0262-f0d9-11e3-ba0c-b4b52fce4ce8)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74444);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/21 10:46:31\");\n\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\", \"CVE-2014-1543\", \"CVE-2014-1545\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (888a0262-f0d9-11e3-ba0c-b4b52fce4ce8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)\n\nMFSA 2014-49 Use-after-free and out of bounds issues found using\nAddress Sanitizer\n\nMFSA 2014-51 Use-after-free in Event Listener Manager\n\nMFSA 2014-52 Use-after-free with SMIL Animation Controller\n\nMFSA 2014-53 Buffer overflow in Web Audio Speex resampler\n\nMFSA 2014-54 Buffer overflow in Gamepad API\n\nMFSA 2014-55 Out of bounds write in NSPR\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-48.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-48/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-49/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-51.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-51/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-52.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-52/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-53.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-53/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-54.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-54/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-55.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/\"\n );\n # https://vuxml.freebsd.org/freebsd/888a0262-f0d9-11e3-ba0c-b4b52fce4ce8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?379c63f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<30.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<24.6.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.26.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<30.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.26.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<24.6.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nspr<4.10.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<24.6.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:56", "bulletinFamily": "scanner", "description": "mozilla-nspr was updated to version 4.10.6 to fix one security issue :\n\n - OOB write with sprintf and console functions (CVE-2014-1545)\n\nMozillaFirefox was updated to version 30.0 to fix eight security issues :\n\n - Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534)\n\n - Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)\n\n - Use-after-free in Event Listener Manager (CVE-2014-1540)\n\n - Use-after-free with SMIL Animation Controller (CVE-2014-1541)\n\n - Buffer overflow in Web Audio Speex resampler (CVE-2014-1542)\n\nSeveral non-security bugs were also fixed in this release.", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2014-432.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76181", "published": "2014-06-23T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nspr (openSUSE-SU-2014:0819-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-432.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76181);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1539\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\", \"CVE-2014-1543\", \"CVE-2014-1545\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nspr (openSUSE-SU-2014:0819-1)\");\n script_summary(english:\"Check for the openSUSE-2014-432 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mozilla-nspr was updated to version 4.10.6 to fix one security issue :\n\n - OOB write with sprintf and console functions\n (CVE-2014-1545)\n\nMozillaFirefox was updated to version 30.0 to fix eight security\nissues :\n\n - Miscellaneous memory safety hazards\n (CVE-2014-1533/CVE-2014-1534)\n\n - Use-after-free and out of bounds issues found using\n Address Sanitizer\n (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)\n\n - Use-after-free in Event Listener Manager (CVE-2014-1540)\n\n - Use-after-free with SMIL Animation Controller\n (CVE-2014-1541)\n\n - Buffer overflow in Web Audio Speex resampler\n (CVE-2014-1542)\n\nSeveral non-security bugs were also fixed in this release.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nspr packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-branding-upstream-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-buildsymbols-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-debuginfo-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-debugsource-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-devel-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-translations-common-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaFirefox-translations-other-30.0-1.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libfreebl3-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libfreebl3-debuginfo-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libsoftokn3-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libsoftokn3-debuginfo-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nspr-4.10.6-1.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nspr-debuginfo-4.10.6-1.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nspr-debugsource-4.10.6-1.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nspr-devel-4.10.6-1.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-certs-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-certs-debuginfo-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-debuginfo-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-debugsource-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-devel-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-sysinit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-sysinit-debuginfo-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-tools-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"mozilla-nss-tools-debuginfo-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.6-1.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.10.6-1.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.16-1.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-30.0-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-4.10.6-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-debuginfo-4.10.6-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-debugsource-4.10.6-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-devel-4.10.6-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.6-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.10.6-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.16-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.16-23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nspr\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:00", "bulletinFamily": "scanner", "description": "seamonkey was updated to version 2.26.1 to fix nine security issues.\n\nThese security issues were fixed :\n\n - Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534)\n\n - Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)\n\n - Use-after-free in Event Listener Manager (CVE-2014-1540)\n\n - Use-after-free with SMIL Animation Controller (CVE-2014-1541)\n\n - Buffer overflow in Web Audio Speex resampler (CVE-2014-1542)\n\n - Out of bounds write in NSPR (CVE-2014-1545)", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2014-448.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76339", "published": "2014-07-02T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2014:0855-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-448.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76339);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1539\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\", \"CVE-2014-1543\", \"CVE-2014-1545\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-SU-2014:0855-1)\");\n script_summary(english:\"Check for the openSUSE-2014-448 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"seamonkey was updated to version 2.26.1 to fix nine security issues.\n\nThese security issues were fixed :\n\n - Miscellaneous memory safety hazards\n (CVE-2014-1533/CVE-2014-1534)\n\n - Use-after-free and out of bounds issues found using\n Address Sanitizer\n (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)\n\n - Use-after-free in Event Listener Manager (CVE-2014-1540)\n\n - Use-after-free with SMIL Animation Controller\n (CVE-2014-1541)\n\n - Buffer overflow in Web Audio Speex resampler\n (CVE-2014-1542)\n\n - Out of bounds write in NSPR (CVE-2014-1545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-debuginfo-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-debugsource-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-dom-inspector-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-irc-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-translations-common-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-translations-other-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"seamonkey-venkman-2.26.1-1.53.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-2.26.1-28.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debuginfo-2.26.1-28.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debugsource-2.26.1-28.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-dom-inspector-2.26.1-28.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-irc-2.26.1-28.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-common-2.26.1-28.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-other-2.26.1-28.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-venkman-2.26.1-28.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:56", "bulletinFamily": "scanner", "description": "Mozilla Firefox was updated to version 24.6.0 to fix six security issues :\n\n - Miscellaneous memory safety hazards. (CVE-2014-1533 / CVE-2014-1534)\n\n - Use-after-free and out of bounds issues found using Address Sanitizer. (CVE-2014-1536 / CVE-2014-1537 / CVE-2014-1538)\n\n - Use-after-free with SMIL Animation Controller.\n (CVE-2014-1541) mozilla-nspr was updated to version 4.10.6 to fix one security issue :\n\n - Out of bounds write in NSPR. (CVE-2014-1545) Further information can be found at https://www.mozilla.org/security/announce/ .", "modified": "2014-07-26T00:00:00", "id": "SUSE_11_FIREFOX-2014-06-140612.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76188", "published": "2014-06-23T00:00:00", "title": "SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9370)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76188);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/07/26 00:30:55 $\");\n\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1541\", \"CVE-2014-1545\");\n\n script_name(english:\"SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9370)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to version 24.6.0 to fix six security\nissues :\n\n - Miscellaneous memory safety hazards. (CVE-2014-1533 /\n CVE-2014-1534)\n\n - Use-after-free and out of bounds issues found using\n Address Sanitizer. (CVE-2014-1536 / CVE-2014-1537 /\n CVE-2014-1538)\n\n - Use-after-free with SMIL Animation Controller.\n (CVE-2014-1541) mozilla-nspr was updated to version\n 4.10.6 to fix one security issue :\n\n - Out of bounds write in NSPR. (CVE-2014-1545) Further\n information can be found at\n https://www.mozilla.org/security/announce/ .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1533.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1534.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1536.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1545.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9370.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-24.6.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-24-0.7.48\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-24.6.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libfreebl3-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libsoftokn3-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nspr-4.10.6-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-tools-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-24.6.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-24-0.7.48\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-24.6.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-4.10.6-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.6-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-24.6.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-branding-SLED-24-0.7.48\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-translations-24.6.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libfreebl3-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libsoftokn3-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mozilla-nspr-4.10.6-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mozilla-nss-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mozilla-nss-tools-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.10.6-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.16.1-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.6-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16.1-0.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:36", "bulletinFamily": "unix", "description": "Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1533, CVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Firefox. An attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the event listener manager. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1542)", "modified": "2014-06-11T00:00:00", "published": "2014-06-11T00:00:00", "id": "USN-2243-1", "href": "https://usn.ubuntu.com/2243-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:07", "bulletinFamily": "unix", "description": "Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1533)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1538)\n\nA use-after-free was discovered in the SMIL animation controller. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1541)", "modified": "2014-06-19T00:00:00", "published": "2014-06-19T00:00:00", "id": "USN-2250-1", "href": "https://usn.ubuntu.com/2250-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-19T22:14:14", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-07-01T00:00:00", "id": "OPENVAS:1361412562310804702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804702", "title": "Mozilla Firefox Multiple Vulnerabilities-01 July14 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_jul14_win.nasl 38580 2014-07-01 13:15:10Z jul$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 July14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804702\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\",\n \"CVE-2014-1543\");\n script_bugtraq_id(67965, 67964, 67966, 67971, 67976, 67978, 67979, 67968, 67969);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 13:15:10 +0530 (Tue, 01 Jul 2014)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 July14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in the 'PropertyProvider::FindJustificationRange()' function.\n\n - An error in the 'navigator.getGamepads()' method within the Gamepad API.\n\n - A use-after-free error in the 'mozilla::dom::workers::WorkerPrivateParent' class.\n\n - A use-after-free error in the 'nsEventListenerManager::CompileEventHandlerInternal()'\n function.\n\n - A boundary error related to AudioBuffer channel counts and sample rate range\n within the Web Audio Speex resampler.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct clickjacking attacks\nand compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 30.0 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 30.0 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59171\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-48.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"30.0\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:19", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-07-01T00:00:00", "id": "OPENVAS:1361412562310804703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804703", "title": "Mozilla Firefox Multiple Vulnerabilities-01 July14 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_jul14_macosx.nasl 38580 2014-07-01 13:15:10Z jul$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 July14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804703\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1539\", \"CVE-2014-1540\", \"CVE-2014-1541\",\n \"CVE-2014-1542\", \"CVE-2014-1543\");\n script_bugtraq_id(67965, 67964, 67966, 67967, 67971,\n 67976, 67978, 67979, 67968, 67969);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 13:58:34 +0530 (Tue, 01 Jul 2014)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 July14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in the 'PropertyProvider::FindJustificationRange()' function.\n\n - An error in the 'navigator.getGamepads()' method within the Gamepad API.\n\n - An error when handling cursor rendering related to an embedded flash object\n\n - A use-after-free error in the 'mozilla::dom::workers::WorkerPrivateParent' class.\n\n - A use-after-free error in the 'nsEventListenerManager::CompileEventHandlerInternal()'\n function.\n\n - A boundary error related to AudioBuffer channel counts and sample rate range\n within the Web Audio Speex resampler.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct clickjacking attacks\nand compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 30.0 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 30.0 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59171\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-48.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"30.0\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850984", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850984", "title": "SuSE Update for MozillaFirefox SUSE-SU-2014:0824-3 (MozillaFirefox)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0824_3.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for MozillaFirefox SUSE-SU-2014:0824-3 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850984\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:11:07 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1541\", \"CVE-2014-1545\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox SUSE-SU-2014:0824-3 (MozillaFirefox)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MozillaFirefox was updated to version 24.6.0 to fix six security issues:\n\n * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534)\n\n * Use-after-free and out of bounds issues found using Address\n Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n\n * Use-after-free with SMIL Animation Controller. (CVE-2014-1541)\n\n mozilla-nspr was updated to version 4.10.6 to fix one security issue:\n\n * Out of bounds write in NSPR. (CVE-2014-1545)\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/security/announce/\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0824_3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.6.0esr~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED-24\", rpm:\"MozillaFirefox-branding-SLED-24~0.4.10.24\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~24.6.0esr~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.16.1~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.10.6~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.10.6~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.16.1~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.16.1~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.16.1~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.16.1~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.10.6~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.16.1~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850804", "title": "SuSE Update for MozillaFirefox SUSE-SU-2014:0824-1 (MozillaFirefox)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0824_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for MozillaFirefox SUSE-SU-2014:0824-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850804\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1541\", \"CVE-2014-1545\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox SUSE-SU-2014:0824-1 (MozillaFirefox)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MozillaFirefox was updated to version 24.6.0 to fix six security issues:\n\n * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534)\n\n * Use-after-free and out of bounds issues found using Address\n Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n\n * Use-after-free with SMIL Animation Controller. (CVE-2014-1541)\n\n mozilla-nspr was updated to version 4.10.6 to fix one security issue:\n\n * Out of bounds write in NSPR. (CVE-2014-1545)\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/security/announce/\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0824_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.6.0esr~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED-24\", rpm:\"MozillaFirefox-branding-SLED-24~0.7.48\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~24.6.0esr~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.10.6~0.3.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.10.6~0.3.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-x86\", rpm:\"mozilla-nspr-x86~4.10.6~0.3.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.16.1~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851066", "title": "SuSE Update for MozillaFirefox SUSE-SU-2014:0824-2 (MozillaFirefox)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0824_2.nasl 12387 2018-11-16 14:06:23Z cfischer $\n#\n# SuSE Update for MozillaFirefox SUSE-SU-2014:0824-2 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851066\");\n script_version(\"$Revision: 12387 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 15:06:23 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:19:54 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1541\", \"CVE-2014-1545\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox SUSE-SU-2014:0824-2 (MozillaFirefox)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MozillaFirefox was updated to version 24.6.0 to fix six security issues:\n\n * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534)\n\n * Use-after-free and out of bounds issues found using Address\n Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n\n * Use-after-free with SMIL Animation Controller. (CVE-2014-1541)\n\n mozilla-nspr was updated to version 4.10.6 to fix one security issue:\n\n * Out of bounds write in NSPR. (CVE-2014-1545)\n\n Special Instructions and Notes:\n\n Please reboot the system after installing this update.\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/security/announce/\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on SUSE Linux Enterprise Server 11 SP1 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0824_2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP1\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.6.0esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED-24\", rpm:\"MozillaFirefox-branding-SLED-24~0.4.10.24\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~24.6.0esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.16.1~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.10.6~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.16.1~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.16.1~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.16.1~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.10.6~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.16.1~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310850592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850592", "title": "SuSE Update for Mozilla openSUSE-SU-2014:0797-1 (Mozilla)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0797_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Mozilla openSUSE-SU-2014:0797-1 (Mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850592\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:04:47 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\",\n \"CVE-2014-1538\", \"CVE-2014-1541\", \"CVE-2014-1545\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for Mozilla openSUSE-SU-2014:0797-1 (Mozilla)\");\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE 11.4\");\n script_tag(name:\"insight\", value:\"These updates contain the latest security and maintenance updates for\n\n - Mozilla Firefox 24.6esr\n\n - Mozilla Thunderbird 24.6\n\n - Mozilla NSPR is also updated to 4.10.6\n\n to fix\n\n * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 Miscellaneous memory safety\n hazards\n\n * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 Use-after-free\n and out of bounds issues found using Address Sanitizer\n\n * MFSA 2014-52/CVE-2014-1541 Use-after-free with SMIL Animation Controller\n\n * MFSA 2014-55/CVE-2014-1545 Out of bounds write in NSPR\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0797_1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~24.6.0~115.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.6.0+24.6.0~97.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo\", rpm:\"mozilla-nspr-debuginfo~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debugsource\", rpm:\"mozilla-nspr-debugsource~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo-32bit\", rpm:\"mozilla-nspr-debuginfo-32bit~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo-x86\", rpm:\"mozilla-nspr-debuginfo-x86~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-x86\", rpm:\"mozilla-nspr-x86~4.10.6~44.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310881950", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881950", "title": "CentOS Update for firefox CESA-2014:0741 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2014:0741 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881950\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:03:34 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1538\", \"CVE-2014-1541\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for firefox CESA-2014:0741 centos5\");\n\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner\nprovides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes\nVerschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,\nAbhishek Arya, and Nils as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0741\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020361.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.6.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:40", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-07-01T00:00:00", "id": "OPENVAS:1361412562310804705", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804705", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 July14 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_jul14_macosx.nasl 38580 2014-07-01 14:04:43Z jul$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 July14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804705\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1538\", \"CVE-2014-1541\");\n script_bugtraq_id(67965, 67976, 67979);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 15:31:57 +0530 (Tue, 01 Jul 2014)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 July14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error in the 'nsTextEditRules::CreateMozBR()' function.\n\n - A use-after-free error in the 'RefreshDriverTimer::TickDriver()' function\n within the MIL Animation Controller.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 24.x before 24.6 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 24.6 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59170\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-48.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^24\\.\" && version_in_range(version:ffVer,\n test_version:\"24.0\", test_version2:\"24.5\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310871178", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871178", "title": "RedHat Update for thunderbird RHSA-2014:0742-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2014:0742-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871178\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:06:54 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1538\", \"CVE-2014-1541\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for thunderbird RHSA-2014:0742-01\");\n\n\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes\nVerschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,\nAbhishek Arya, and Nils as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.6.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0742-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00031.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~24.6.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~24.6.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-06-23T00:00:00", "id": "OPENVAS:1361412562310841861", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841861", "title": "Ubuntu Update for thunderbird USN-2250-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2250_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-2250-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841861\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-23 16:30:58 +0530 (Mon, 23 Jun 2014)\");\n script_cve_id(\"CVE-2014-1533\", \"CVE-2014-1538\", \"CVE-2014-1541\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for thunderbird USN-2250-1\");\n\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Gary Kwong, Christoph Diehl, Christian Holler, Hannes\nVerschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered\nmultiple memory safety issues in Thunderbird. If a user were tricked in to\nopening a specially crafted message with scripting enabled, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2014-1533)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Thunderbird. If a user had enabled scripting, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2014-1538)\n\nA use-after-free was discovered in the SMIL animation controller. If a\nuser had enabled scripting, an attacker could potentially exploit this\nto cause a denial of service via application crash or execute arbitrary\ncode with the privileges of the user invoking Thunderbird. (CVE-2014-1541)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2250-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2250-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.6.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.6.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.6.0+build1-0ubuntu0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:27", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2014-48 Miscellaneous memory safety hazards\n\t (rv:30.0 / rv:24.6)\nMFSA 2014-49 Use-after-free and out of bounds\n\t issues found using Address Sanitizer\nMFSA 2014-51 Use-after-free in Event Listener\n\t Manager\nMFSA 2014-52 Use-after-free with SMIL Animation\n\t Controller\nMFSA 2014-53 Buffer overflow in Web Audio Speex\n\t resampler\nMFSA 2014-54 Buffer overflow in Gamepad API\nMFSA 2014-55 Out of bounds write in NSPR\n\n", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "888A0262-F0D9-11E3-BA0C-B4B52FCE4CE8", "href": "https://vuxml.freebsd.org/freebsd/888a0262-f0d9-11e3-ba0c-b4b52fce4ce8.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Buffer overflows, memory corruptions, clickjacking.", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "SECURITYVULNS:VULN:13820", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13820", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities\r\n\r\nEMC Identifier: ESA-2015-002\r\n \t\r\nCVE Identifier: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2012-5885, CVE-2011-3389, CVE-2013-1767, CVE-2012-2137, CVE-2012-6548, CVE-2013-1797, CVE-2013-0231, CVE-2013-1774, CVE-2013-1848, CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913,CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549, CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160, CVE-2013-1860, CVE-2013-0349, CVE-2013-1798, CVE-2013-4242, CVE-2014-0138, CVE-2014-0139, CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, CVE-2012-6085, CVE-2014-2403, CVE-2014-0446, CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398, CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429, CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448, CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461, CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401, CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, CVE-2014-0449, CVE-2014-0432, CVE-2014-0463, CVE-2014-2410 , CVE-2014-2413, CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452, CVE-2010-5107, CVE-2014-1545, CVE-2014-1541, CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2013-2005, CVE-2013-2002, CVE-2014-0092, CVE-2014-0015, CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219, CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268, CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218, CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208, CVE-2014-4209, CVE-2014-4265, CVE-2014-4244,\r\nCVE-2014-4216, CVE-2011-0020, CVE-2011-0064, CVE-2014-3638, CVE-2014-3639, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-4330, CVE-2014-3613, CVE-2014-3620, CVE-2015-0512\r\n\r\nSeverity Rating: View details below for CVSSv2 scores\r\n\r\nAffected products: \r\nUnisphere Central versions prior to 4.0\r\n\r\nSummary: \r\nUnisphere Central requires an update to address various security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.\r\n\r\nDetails: \r\nUnisphere Central requires an update to address various security vulnerabilities:\r\n\r\n1.\tUnvalidated Redirect Vulnerability (CVE-2015-0512)\r\n\r\nA potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter.\r\n\r\nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)\r\n\r\n2.\tMultiple Embedded Component Vulnerabilities\r\n\r\nThe following vulnerabilities affecting multiple embedded components were addressed:\r\n\r\n\u2022\tPostgreSQL (CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902)\r\n\u2022\tApache Tomcat HTTP Digest Access Bypass (CVE-2012-5885)\r\n\u2022\tSSL3.0/TLS1.0 Weak CBC Mode Vulnerability (CVE-2011-3389)\r\n\u2022\tSUSE Kernel Updates (CVE-2013-1767, CVE-2012-2137, CVE-2012-6548, CVE-2013-1797, CVE-2013-0231,CVE-2013-1774, CVE-2013-1848, CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913, CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549, CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160, CVE-2013-1860, CVE-2013-0349, CVE-2013-1798)\r\n\u2022\tLibgcrypt (CVE-2013-4242)\r\n\u2022\tcURL/libcURL Multiple Vulnerabilities (CVE-2014-0138, CVE-2014-0139, CVE-2014-0015, CVE-2014-3613, CVE-2014-3620)\r\n\u2022\tOpenSSL Multiple Vulnerabilities (CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566)\r\n\u2022\tGNU Privacy Guard (GPG2) Update (CVE-2012-6085)\r\n\u2022\tJava Runtime Environment (CVE-2014-2403, CVE-2014-0446, CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398, CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429, CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448, CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461, CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401, CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, CVE-2014-0449, CVE-2014-0432, CVE-2014-0463, CVE-2014-2410, CVE-2014-2413, CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452, CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219, CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268, CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218, CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208, CVE-2014-4209, CVE-2014-4265, CVE-2014-4244, CVE-2014-4216)\r\n\u2022\tOpenSSH Denial of Service (CVE-2010-5107)\r\n\u2022\tNetwork Security Services (NSS) Update (CVE-2014-1545, CVE-2014-1541, CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\r\n\u2022\t Xorg-X11 Update (CVE-2013-2005, CVE-2013-2002)\r\n\u2022\tGnuTLS SSL Verification Vulnerability (CVE-2014-0092)\r\n\u2022\tPango Security Update (CVE-2011-0020, CVE-2011-0064)\r\n\u2022\tD-Bus Denial of Service (CVE-2014-3638,CVE-2014-3639)\r\n\u2022\tPerl Denial of Service (CVE-2014-4330)\r\nCVSSv2 Base Score: Refer to NVD (http://nvd.nist.gov) for individual scores for each CVE listed above\r\n\r\nFor more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the NVD database\u2019s search utility at http://web.nvd.nist.gov/view/vuln/search\r\n\r\nResolution: \r\nThe following Unisphere Central release contains resolutions to the above issues:\r\n\u2022\tUnisphere Central version 4.0.\r\n\r\nEMC strongly recommends all customers upgrade at the earliest opportunity. Contact EMC Unisphere Central customer support to download the required upgrades. \r\n\r\nLink to remedies:\r\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/products/28224_Unisphere-Central\r\n\r\n\r\nIf you have any questions, please contact EMC Support.\r\n\r\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \r\n\r\n\r\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.\r\n\r\nEMC Product Security Response Center\r\nsecurity_alert@emc.com\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlTKSaIACgkQtjd2rKp+ALzINgCg01qlCrN0carogi8MwnbjGNrP\r\n6oIAnRiS6bIIqnGmGN0c+ayX74Qad4vY\r\n=5UIE\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31682", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31682", "title": "ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:42:58", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to version 24.6.0 to fix six security issues:\n\n * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534)\n * Use-after-free and out of bounds issues found using Address\n Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n * Use-after-free with SMIL Animation Controller. (CVE-2014-1541)\n\n mozilla-nspr was updated to version 4.10.6 to fix one security issue:\n\n * Out of bounds write in NSPR. (CVE-2014-1545)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>> .\n\n Security Issues references:\n\n * CVE-2014-1533\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533</a>>\n * CVE-2014-1534\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534</a>>\n * CVE-2014-1536\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536</a>>\n * CVE-2014-1537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537</a>>\n * CVE-2014-1538\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538</a>>\n * CVE-2014-1541\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541</a>>\n * CVE-2014-1545\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545</a>>\n\n", "modified": "2014-06-21T01:04:47", "published": "2014-06-21T01:04:47", "id": "SUSE-SU-2014:0824-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "description": "Mozilla Firefox has been updated to 24.6.0 to fix the following security\n issues:\n\n * Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534)\n * Use-after-free and out of bounds issues found using Address\n Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)\n * Use-after-free with SMIL Animation Controller (CVE-2014-1541)\n\n mozilla-nspr has been updated to version 4.10.6 to fix one security issue:\n\n * Out of bounds write in NSPR (CVE-2014-1545)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>>\n\n Security Issues:\n\n * CVE-2014-1533\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533</a>>\n * CVE-2014-1534\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534</a>>\n * CVE-2014-1536\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536</a>>\n * CVE-2014-1537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537</a>>\n * CVE-2014-1538\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538</a>>\n * CVE-2014-1541\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541</a>>\n * CVE-2014-1545\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545</a>>\n\n\n", "modified": "2014-07-17T02:04:25", "published": "2014-07-17T02:04:25", "id": "SUSE-SU-2014:0905-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00011.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:47:11", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to version 24.6.0 to fix six security issues:\n\n * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534)\n * Use-after-free and out of bounds issues found using Address\n Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n * Use-after-free with SMIL Animation Controller. (CVE-2014-1541)\n\n mozilla-nspr was updated to version 4.10.6 to fix one security issue:\n\n * Out of bounds write in NSPR. (CVE-2014-1545)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>> .\n\n Security Issues references:\n\n * CVE-2014-1533\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533</a>>\n * CVE-2014-1534\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534</a>>\n * CVE-2014-1536\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536</a>>\n * CVE-2014-1537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537</a>>\n * CVE-2014-1538\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538</a>>\n * CVE-2014-1541\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541</a>>\n * CVE-2014-1545\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545</a>>\n\n", "modified": "2014-06-25T00:04:17", "published": "2014-06-25T00:04:17", "id": "SUSE-SU-2014:0824-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00027.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:48", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to version 24.6.0 to fix six security issues:\n\n * Miscellaneous memory safety hazards. (CVE-2014-1533, CVE-2014-1534)\n * Use-after-free and out of bounds issues found using Address\n Sanitizer. (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\n * Use-after-free with SMIL Animation Controller. (CVE-2014-1541)\n\n mozilla-nspr was updated to version 4.10.6 to fix one security issue:\n\n * Out of bounds write in NSPR. (CVE-2014-1545)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/\">https://www.mozilla.org/security/announce/</a>> .\n\n Security Issues references:\n\n * CVE-2014-1533\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533</a>>\n * CVE-2014-1534\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534</a>>\n * CVE-2014-1536\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536</a>>\n * CVE-2014-1537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537</a>>\n * CVE-2014-1538\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538</a>>\n * CVE-2014-1541\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541</a>>\n * CVE-2014-1545\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545</a>>\n\n", "modified": "2014-06-23T20:09:15", "published": "2014-06-23T20:09:15", "id": "SUSE-SU-2014:0824-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00024.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "description": "These updates contain the latest security and maintenance updates for\n - Mozilla Firefox 24.6esr\n - Mozilla Thunderbird 24.6\n - Mozilla NSPR is also updated to 4.10.6\n\n to fix\n * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 Miscellaneous memory safety\n hazards\n * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 Use-after-free\n and out of bounds issues found using Address Sanitizer\n * MFSA 2014-52/CVE-2014-1541 Use-after-free with SMIL Animation Controller\n * MFSA 2014-55/CVE-2014-1545 Out of bounds write in NSPR\n\n", "modified": "2014-06-16T08:04:13", "published": "2014-06-16T08:04:13", "id": "OPENSUSE-SU-2014:0797-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html", "type": "suse", "title": "Mozilla updates 2014/06 (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "bulletinFamily": "unix", "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "modified": "2014-09-09T18:04:16", "published": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "title": "Firefox update to 31.1esr (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.\nPer: http://cwe.mitre.org/data/definitions/416.html\n\n\"CWE-416: Use After Free\"", "modified": "2017-12-28T02:29:00", "id": "CVE-2014-1538", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1538", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1538", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.", "modified": "2018-10-30T16:27:00", "id": "CVE-2014-1542", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1542", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1542", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.\nPer: http://cwe.mitre.org/data/definitions/125.html\n\n\"CWE-125: Out-of-bounds Read\"", "modified": "2017-12-28T02:29:00", "id": "CVE-2014-1536", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1536", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1536", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2017-12-28T02:29:00", "id": "CVE-2014-1534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1534", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1534", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.\nPer http://cwe.mitre.org/data/definitions/416.html:\n\"CWE-416: Use After Free\"", "modified": "2017-12-28T02:29:00", "id": "CVE-2014-1540", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1540", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1540", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2017-12-28T02:29:00", "id": "CVE-2014-1533", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1533", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1533", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.\nPer http://cwe.mitre.org/data/definitions/416.html: \"CWE-416: Use After Free\"", "modified": "2017-12-28T02:29:00", "id": "CVE-2014-1537", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1537", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1537", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.\nPer http://cwe.mitre.org/data/definitions/416.html:\n\"CWE-416: Use After Free\"", "modified": "2017-12-28T02:29:00", "id": "CVE-2014-1541", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1541", "published": "2014-06-11T10:57:00", "title": "CVE-2014-1541", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:43", "bulletinFamily": "software", "description": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a number of use-after-free and out of bounds read \nissues using the Address Sanitizer tool. These issues are potentially exploitable, \nallowing for remote code execution. \n\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonky products because scripting is disabled, but is \npotentially a risk in browser or browser-like contexts.", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "MFSA2014-49", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-49/", "type": "mozilla", "title": "Use-after-free and out of bounds issues found using Address Sanitizer", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:48", "bulletinFamily": "software", "description": "Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "MFSA2014-48", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-48/", "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:41", "bulletinFamily": "software", "description": "Security researcher Holger Fuhrmannek used the used the\nAddress Sanitizer tool to discover a buffer overflow with the Speex resampler in\nWeb Audio when working with audio content that exceeds expected bounds. This\nleads to a potentially exploitable crash.", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "MFSA2014-53", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-53/", "type": "mozilla", "title": "Buffer overflow in Web Audio Speex resampler", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:48", "bulletinFamily": "software", "description": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a use-after-free in\nthe event listener manager. This can be triggered by web content and leads to a\npotentially exploitable crash. This issue was introduced in Firefox 29 and does\nnot affect earlier versions.", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "MFSA2014-51", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-51/", "type": "mozilla", "title": "Use-after-free in Event Listener Manager", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:46", "bulletinFamily": "software", "description": "Security researcher Nils used the Address Sanitizer to\ndiscover a use-after-free problem with the SMIL Animation Controller when\ninteracting with and rendering improperly formed web content. This causes a\npotentially exploitable crash. \n\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonky products because scripting is disabled, but is \npotentially a risk in browser or browser-like contexts.", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "MFSA2014-52", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-52/", "type": "mozilla", "title": "Use-after-free with SMIL Animation Controller", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "unix", "description": "[24.6.0-1.0.1.el6_5]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[24.6.0-1]\n- Update to 24.6.0 ESR\n[24.5.0-2]\n- Disabled unused patches", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "ELSA-2014-0741", "href": "http://linux.oracle.com/errata/ELSA-2014-0741.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "unix", "description": "[24.6.0-1.0.1.el6_5]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[24.6.0-1]\n- Update to 24.6.0", "modified": "2014-06-10T00:00:00", "published": "2014-06-10T00:00:00", "id": "ELSA-2014-0742", "href": "http://linux.oracle.com/errata/ELSA-2014-0742.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0741\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes\nVerschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,\nAbhishek Arya, and Nils as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020361.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020365.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0741.html", "modified": "2014-06-11T11:38:33", "published": "2014-06-11T10:49:01", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020361.html", "id": "CESA-2014:0741", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:03", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0742\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes\nVerschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,\nAbhishek Arya, and Nils as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.6.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020362.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020366.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0742.html", "modified": "2014-06-11T11:39:42", "published": "2014-06-11T10:54:29", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020362.html", "id": "CESA-2014:0742", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-05-29T14:34:26", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes\nVerschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,\nAbhishek Arya, and Nils as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:11", "published": "2014-06-10T04:00:00", "id": "RHSA-2014:0741", "href": "https://access.redhat.com/errata/RHSA-2014:0741", "type": "redhat", "title": "(RHSA-2014:0741) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:33:49", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes\nVerschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,\nAbhishek Arya, and Nils as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.6.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:23", "published": "2014-06-10T04:00:00", "id": "RHSA-2014:0742", "href": "https://access.redhat.com/errata/RHSA-2014:0742", "type": "redhat", "title": "(RHSA-2014:0742) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:18", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2955-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2014-1533 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nbuffer overflows may lead to the execution of arbitrary code or denial\nof service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 24.6.0esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 30.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-06-11T14:34:07", "published": "2014-06-11T14:34:07", "id": "DEBIAN:DSA-2955-1:7EADC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00135.html", "title": "[SECURITY] [DSA 2955-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:35", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2960-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 16, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2014-1533 CVE-2014-1538 CVE-2014-1541 CVE-2014-1545\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety \nerrors and buffer overflows may lead to the execution of arbitrary code\nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 24.6.0-1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-06-16T17:13:47", "published": "2014-06-16T17:13:47", "id": "DEBIAN:DSA-2960-1:520CF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00140.html", "title": "[SECURITY] [DSA 2960-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "modified": "2015-04-08T00:00:00", "published": "2015-04-07T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}