Search...

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2014:0976-1)

2014-08-11T00:00:00

ID OPENVAS:1361412562310850603
Type openvas
Reporter Copyright (C) 2014 Greenbone Networks GmbH
Modified 2020-01-31T00:00:00

Description

The remote host is missing an update for the

                                        
                                            # Copyright (C) 2014 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of their respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.850603");
  script_version("2020-01-31T08:23:39+0000");
  script_tag(name:"last_modification", value:"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)");
  script_tag(name:"creation_date", value:"2014-08-11 12:25:57 +0200 (Mon, 11 Aug 2014)");
  script_cve_id("CVE-2014-1544", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1555",
                "CVE-2014-1556", "CVE-2014-1557");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2014:0976-1)");

  script_tag(name:"affected", value:"MozillaThunderbird on openSUSE 13.1, openSUSE 12.3");

  script_tag(name:"insight", value:"MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)

  * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety
  hazards

  * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with
  FireOnStateChange event

  * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with
  Cesium JavaScript library

  * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when
  manipulating certificates in the trusted cache (solved with NSS 3.16.2
  requirement)

  * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when
  scaling high quality images

  A standalone enigmail 1.7 package that was previously built as part of
  MozillaThunderbird was added.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"openSUSE-SU", value:"2014:0976-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaThunderbird'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSE12\.3|openSUSE13\.1)");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSE12.3") {
  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~24.7.0~61.55.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-buildsymbols", rpm:"MozillaThunderbird-buildsymbols~24.7.0~61.55.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debuginfo", rpm:"MozillaThunderbird-debuginfo~24.7.0~61.55.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debugsource", rpm:"MozillaThunderbird-debugsource~24.7.0~61.55.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~24.7.0~61.55.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~24.7.0~61.55.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~24.7.0~61.55.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.7~2.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"enigmail-debuginfo", rpm:"enigmail-debuginfo~1.7~2.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"enigmail-debugsource", rpm:"enigmail-debugsource~1.7~2.1", rls:"openSUSE12.3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "openSUSE13.1") {
  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~24.7.0~70.27.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-buildsymbols", rpm:"MozillaThunderbird-buildsymbols~24.7.0~70.27.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debuginfo", rpm:"MozillaThunderbird-debuginfo~24.7.0~70.27.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debugsource", rpm:"MozillaThunderbird-debugsource~24.7.0~70.27.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~24.7.0~70.27.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~24.7.0~70.27.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~24.7.0~70.27.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.7~2.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"enigmail-debuginfo", rpm:"enigmail-debuginfo~1.7~2.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"enigmail-debugsource", rpm:"enigmail-debugsource~1.7~2.1", rls:"openSUSE13.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310850603", "type": "openvas", "bulletinFamily": "scanner", "title": "openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2014:0976-1)", "description": "The remote host is missing an update for the ", "published": "2014-08-11T00:00:00", "modified": "2020-01-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850603", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2014:0976-1"], "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "lastseen": "2020-01-31T18:39:33", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["SUSE-SU-2014:0960-1", "OPENSUSE-SU-2014:0950-1", "OPENSUSE-SU-2014:0939-1", "OPENSUSE-SU-2014:0976-1"]}, {"type": "nessus", "idList": ["MACOSX_THUNDERBIRD_24_7.NASL", "MACOSX_FIREFOX_24_7_ESR.NASL", "OPENSUSE-2014-487.NASL", "MOZILLA_FIREFOX_24_7_ESR.NASL", "SOLARIS11_FIREFOX_20141216.NASL", "SL_20140722_THUNDERBIRD_ON_SL5_X.NASL", "DEBIAN_DSA-2986.NASL", "REDHAT-RHSA-2014-0919.NASL", "DEBIAN_DSA-2996.NASL", "MOZILLA_THUNDERBIRD_24_7.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2986-1:01B98", "DEBIAN:DSA-2996-1:8C612"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804733", "OPENVAS:1361412562310850601", "OPENVAS:702996", "OPENVAS:1361412562310702996", "OPENVAS:1361412562310702986", "OPENVAS:1361412562310123372", "OPENVAS:1361412562310871204", "OPENVAS:1361412562310881976", "OPENVAS:702986", "OPENVAS:1361412562310804732"]}, {"type": "kaspersky", "idList": ["KLA10119"]}, {"type": "cve", "idList": ["CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1547", "CVE-2014-1555", "CVE-2014-1544", "CVE-2014-1548"]}, {"type": "centos", "idList": ["CESA-2014:0916", "CESA-2014:0918", "CESA-2014:0919"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0918", "ELSA-2014-0919"]}, {"type": "redhat", "idList": ["RHSA-2014:0919", "RHSA-2014:0916", "RHSA-2014:0918"]}, {"type": "ubuntu", "idList": ["USN-2296-1", "USN-2295-1", "USN-2343-1"]}, {"type": "freebsd", "idList": ["978B0F76-122D-11E4-AFE3-BC5FF4FB5E7B"]}, {"type": "mozilla", "idList": ["MFSA2014-56", "MFSA2014-63", "MFSA2014-61", "MFSA2014-62"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13890"]}], "modified": "2020-01-31T18:39:33", "rev": 2}, "score": {"value": 8.1, "vector": "NONE", "modified": "2020-01-31T18:39:33", "rev": 2}, "vulnersScore": 8.1}, "pluginID": "1361412562310850603", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850603\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-08-11 12:25:57 +0200 (Mon, 11 Aug 2014)\");\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1548\", \"CVE-2014-1555\",\n \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2014:0976-1)\");\n\n script_tag(name:\"affected\", value:\"MozillaThunderbird on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"insight\", value:\"MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)\n\n * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety\n hazards\n\n * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with\n FireOnStateChange event\n\n * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with\n Cesium JavaScript library\n\n * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when\n manipulating certificates in the trusted cache (solved with NSS 3.16.2\n requirement)\n\n * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when\n scaling high quality images\n\n A standalone enigmail 1.7 package that was previously built as part of\n MozillaThunderbird was added.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0976-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaThunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.7.0~61.55.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.7.0~61.55.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.7.0~61.55.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.7.0~61.55.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.7.0~61.55.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.7.0~61.55.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.7.0~61.55.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.7~2.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail-debuginfo\", rpm:\"enigmail-debuginfo~1.7~2.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail-debugsource\", rpm:\"enigmail-debugsource~1.7~2.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.7.0~70.27.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.7.0~70.27.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.7.0~70.27.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.7.0~70.27.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.7.0~70.27.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.7.0~70.27.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.7.0~70.27.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.7~2.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail-debuginfo\", rpm:\"enigmail-debuginfo~1.7~2.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail-debugsource\", rpm:\"enigmail-debugsource~1.7~2.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "SuSE Local Security Checks", "immutableFields": []}

{"suse": [{"lastseen": "2016-09-04T11:56:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)\n * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety\n hazards\n * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with\n FireOnStateChange event\n * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with\n Cesium JavaScript library\n * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when\n manipulating certificates in the trusted cache (solved with NSS 3.16.2\n requirement)\n * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when\n scaling high quality images\n\n A standalone enigmail 1.7 package that was previously built as part of\n MozillaThunderbird was added.\n\n", "edition": 1, "modified": "2014-08-11T10:05:21", "published": "2014-08-11T10:05:21", "id": "OPENSUSE-SU-2014:0976-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00005.html", "title": "MozillaThunderbird: Update to 24.7.0 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:17:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1548", "CVE-2014-1492", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "update to Firefox 24.7.0 and Thunderbird 24.7.0 including fixes for\n\n * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety\n hazards\n * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with\n FireOnStateChange event\n * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with\n Cesium JavaScript library\n * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when\n manipulating certificates in the trusted cache (solved with NSS 3.16.2\n requirement)\n * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when\n scaling high quality images\n - require NSS 3.16.2\n\n", "edition": 1, "modified": "2014-07-30T20:47:31", "published": "2014-07-30T20:47:31", "id": "OPENSUSE-SU-2014:0950-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00021.html", "title": "Mozilla updates 07/2014 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1559", "CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1558", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1552", "CVE-2014-1549", "CVE-2014-1557", "CVE-2014-1550", "CVE-2014-1560", "CVE-2014-1561"], "description": "MozillaFirefox was updated to version 31 to fix various security issues\n and bugs:\n\n * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety\n hazards\n * MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web\n Audio buffering for playback\n * MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due\n to incorrect control message ordering\n * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog\n customization event spoofing\n * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with\n FireOnStateChange event\n * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with\n Cesium JavaScript library\n * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when\n manipulating certificates in the trusted cache (solved with NSS 3.16.2\n requirement)\n * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when\n scaling high quality images\n * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973,\n bmo#1026022, bmo#997795) Certificate parsing broken by non-standard\n character encoding\n * MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin\n access through redirect\n\n Mozilla-nss was updated to 3.16.3: New Functions:\n * CERT_GetGeneralNameTypeFromString (This function was already added in\n NSS 3.16.2, however, it wasn't declared in a public header file.)\n Notable Changes:\n * The following 1024-bit CA certificates were removed\n - Entrust.net Secure Server Certification Authority\n - GTE CyberTrust Global Root\n - ValiCert Class 1 Policy Validation Authority\n - ValiCert Class 2 Policy Validation Authority\n - ValiCert Class 3 Policy Validation Authority\n * Additionally, the following CA certificate was removed as requested by\n the CA:\n - TDC Internet Root CA\n * The following CA certificates were added:\n - Certification Authority of WoSign\n - CA \u00c3\u00a6\u00c2\u00b2\u00c2\u0083\u00c3\u00a9\u00c2\u0080\u00c2\u009a\u00c3\u00a6\u00c2\u00a0\u00c2\u00b9\u00c3\u00a8\u00c2\u00af\u00c2\u0081\u00c3\u00a4\u00c2\u00b9\u00c2\u00a6\n - DigiCert Assured ID Root G2\n - DigiCert Assured ID Root G3\n - DigiCert Global Root G2\n - DigiCert Global Root G3\n - DigiCert Trusted Root G4\n - QuoVadis Root CA 1 G3\n - QuoVadis Root CA 2 G3\n - QuoVadis Root CA 3 G3\n * The Trust Bits were changed for the following CA certificates\n - Class 3 Public Primary Certification Authority\n - Class 3 Public Primary Certification Authority\n - Class 2 Public Primary Certification Authority - G2\n - VeriSign Class 2 Public Primary Certification Authority - G3\n - AC Ra\u00c3\u0083\u00c2\u00adz Certic\u00c3\u0083\u00c2\u00a1mara S.A.\n - NetLock Uzleti (Class B) Tanusitvanykiado\n - NetLock Expressz (Class C) Tanusitvanykiado changes in 3.16.2 New\n functionality:\n * DTLS 1.2 is supported.\n * The TLS application layer protocol negotiation (ALPN) extension is also\n supported on the server side.\n * RSA-OEAP is supported. Use the new PK11_PrivDecrypt and PK11_PubEncrypt\n functions with the CKM_RSA_PKCS_OAEP mechanism.\n * New Intel AES assembly code for 32-bit and 64-bit Windows, contributed\n by Shay Gueron and Vlad Krasnov of Intel. Notable Changes:\n * The btoa command has a new command-line option -w suffix, which causes\n the output to be wrapped in BEGIN/END lines with the given suffix\n * The certutil commands supports additionals types of subject alt name\n extensions.\n * The certutil command supports generic certificate extensions, by loading\n binary data from files, which have been prepared using external tools,\n or which have been extracted from other existing certificates and dumped\n to file.\n * The certutil command supports three new certificate usage specifiers.\n * The pp command supports printing UTF-8 (-u).\n * On Linux, NSS is built with the -ffunction-sections -fdata-sections\n compiler flags and the --gc-sections linker flag to allow unused\n functions to be discarded. changes in 3.16.1 New functionality:\n * Added the "ECC" flag for modutil to select the module used for elliptic\n curve cryptography (ECC) operations. New Macros\n * PUBLIC_MECH_ECC_FLAG a public mechanism flag for elliptic curve\n cryptography (ECC)\n operations\n * SECMOD_ECC_FLAG an NSS-internal mechanism flag for elliptic curve\n cryptography (ECC) operations. This macro has the same numeric value as\n PUBLIC_MECH_ECC_FLAG. Notable Changes:\n * Imposed name constraints on the French government root CA ANSSI (DCISS).\n\n", "edition": 1, "modified": "2014-07-30T20:43:23", "published": "2014-07-30T20:43:23", "id": "OPENSUSE-SU-2014:0939-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00020.html", "type": "suse", "title": "MozillaFirefox: Update to Mozilla Firefox 31 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:38:59", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1559", "CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1552", "CVE-2014-1549", "CVE-2014-1557", "CVE-2014-1550", "CVE-2014-1560", "CVE-2014-1561"], "description": "Mozilla Firefox has been updated to the 24.7ESR security release.\n\n Security issues fixed in this release:\n\n * CVE-2014-1544 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-63.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-63.html</a>>\n * CVE-2014-1548 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-56.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-56.html</a>>\n * CVE-2014-1549 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-57.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-57.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-57.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-57.html</a>>\n * CVE-2014-1550 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-58.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-58.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-58.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-58.html</a>>\n * CVE-2014-1551 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-59.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-59.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-59.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-59.html</a>>\n * CVE-2014-1552 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-66.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-66.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-66.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-66.html</a>>\n * CVE-2014-1555 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-61.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-61.html</a>>\n * CVE-2014-1556 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-62.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-62.html</a>>\n * CVE-2014-1557 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-64.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-64.html</a>>\n * CVE-2014-1558, CVE-2014-1559, CVE-2014-1560 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-65.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-65.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-65.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-65.html</a>>\n * CVE-2014-1561 -\n <a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-60.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-60.html</a>\n <<a rel=\"nofollow\" href=\"https://www.mozilla.org/security/announce/2014/mfsa2014-60.html\">https://www.mozilla.org/security/announce/2014/mfsa2014-60.html</a>>\n\n Security Issues:\n\n * CVE-2014-1557\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557</a>>\n * CVE-2014-1547\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547</a>>\n * CVE-2014-1548\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548</a>>\n * CVE-2014-1556\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556</a>>\n * CVE-2014-1544\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544</a>>\n * CVE-2014-1555\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555</a>>\n\n", "edition": 1, "modified": "2014-08-02T01:04:22", "published": "2014-08-02T01:04:22", "id": "SUSE-SU-2014:0960-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00001.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T12:27:49", "description": "MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)\n\n - MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous\n memory safety hazards\n\n - MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free\n with FireOnStateChange event\n\n - MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable\n WebGL crash with Cesium JavaScript library\n\n - MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free\n while when manipulating certificates in the trusted\n cache (solved with NSS 3.16.2 requirement)\n\n - MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia\n library when scaling high quality images\n\nA standalone enigmail 1.7 package that was previously built as part of\nMozillaThunderbird was added.", "edition": 18, "published": "2014-08-12T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0976-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2014-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:enigmail-debugsource", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:enigmail", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "id": "OPENSUSE-2014-487.NASL", "href": "https://www.tenable.com/plugins/nessus/77131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-487.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77131);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1548\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_bugtraq_id(68811, 68814, 68816, 68818, 68822, 68824);\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0976-1)\");\n script_summary(english:\"Check for the openSUSE-2014-487 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)\n\n - MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous\n memory safety hazards\n\n - MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free\n with FireOnStateChange event\n\n - MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable\n WebGL crash with Cesium JavaScript library\n\n - MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free\n while when manipulating certificates in the trusted\n cache (solved with NSS 3.16.2 requirement)\n\n - MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia\n library when scaling high quality images\n\nA standalone enigmail 1.7 package that was previously built as part of\nMozillaThunderbird was added.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-08/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaThunderbird-24.7.0-61.55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaThunderbird-buildsymbols-24.7.0-61.55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaThunderbird-debuginfo-24.7.0-61.55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaThunderbird-debugsource-24.7.0-61.55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaThunderbird-devel-24.7.0-61.55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaThunderbird-translations-common-24.7.0-61.55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"MozillaThunderbird-translations-other-24.7.0-61.55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"enigmail-1.7-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"enigmail-debuginfo-1.7-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"enigmail-debugsource-1.7-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-24.7.0-70.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-buildsymbols-24.7.0-70.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debuginfo-24.7.0-70.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debugsource-24.7.0-70.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-devel-24.7.0-70.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-common-24.7.0-70.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-other-24.7.0-70.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"enigmail-1.7-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"enigmail-debuginfo-1.7-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"enigmail-debugsource-1.7-2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T03:44:40", "description": "The version of Firefox ESR 24.x installed on the remote host is prior\nto 24.7. It is, therefore, affected by the following vulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)\n\n - There is a flaw in the Skia library when scaling images\n of high quality. If the image data is discarded while\n being processed, the library may crash. This crash\n is potentially exploitable. (CVE-2014-1557)", "edition": 27, "published": "2014-07-24T00:00:00", "title": "Firefox ESR 24.x< 24.7 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_24_7_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/76758", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76758);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1544\",\n \"CVE-2014-1547\",\n \"CVE-2014-1548\",\n \"CVE-2014-1555\",\n \"CVE-2014-1556\",\n \"CVE-2014-1557\"\n );\n script_bugtraq_id(\n 68811,\n 68814,\n 68816,\n 68818,\n 68822,\n 68824\n );\n\n script_name(english:\"Firefox ESR 24.x< 24.7 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR 24.x installed on the remote host is prior\nto 24.7. It is, therefore, affected by the following vulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)\n\n - There is a flaw in the Skia library when scaling images\n of high quality. If the image data is discarded while\n being processed, the library may crash. This crash\n is potentially exploitable. (CVE-2014-1557)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR 24.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1548\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'24.7', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T03:58:00", "description": "The version of Thunderbird 24.x installed on the remote host is a version\nprior to 24.7. It is, therefore, affected by the following\nvulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)\n\n - There is a flaw in the Skia library when scaling images\n of high quality. If the image data is discarded while\n being processed, the library may crash. This crash\n is potentially exploitable. (CVE-2014-1557)", "edition": 27, "published": "2014-07-24T00:00:00", "title": "Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_24_7.NASL", "href": "https://www.tenable.com/plugins/nessus/76760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76760);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1544\",\n \"CVE-2014-1547\",\n \"CVE-2014-1548\",\n \"CVE-2014-1555\",\n \"CVE-2014-1557\"\n );\n script_bugtraq_id(\n 68811,\n 68814,\n 68816,\n 68818,\n 68822,\n 68824\n );\n\n script_name(english:\"Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird 24.x installed on the remote host is a version\nprior to 24.7. It is, therefore, affected by the following\nvulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)\n\n - There is a flaw in the Skia library when scaling images\n of high quality. If the image data is discarded while\n being processed, the library may crash. This crash\n is potentially exploitable. (CVE-2014-1557)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird 24.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1548\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'24.7', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:48:41", "description": "Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client: Multiple memory\nsafety errors and use-after-frees may lead to the execution of\narbitrary code or denial of service.", "edition": 16, "published": "2014-08-04T00:00:00", "title": "Debian DSA-2996-1 : icedove - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2014-08-04T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-2996.NASL", "href": "https://www.tenable.com/plugins/nessus/76977", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2996. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76977);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_bugtraq_id(68811, 68814, 68816, 68822, 68824);\n script_xref(name:\"DSA\", value:\"2996\");\n\n script_name(english:\"Debian DSA-2996-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client: Multiple memory\nsafety errors and use-after-frees may lead to the execution of\narbitrary code or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2996\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 24.7.0-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"24.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"24.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"24.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"24.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"24.7.0-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:48:40", "description": "Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors and use-after-frees may lead to the execution of arbitrary code\nor denial of service.", "edition": 16, "published": "2014-07-26T00:00:00", "title": "Debian DSA-2986-1 : iceweasel - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2014-07-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2986.NASL", "href": "https://www.tenable.com/plugins/nessus/76841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2986. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76841);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_bugtraq_id(68811, 68814, 68816, 68822, 68824);\n script_xref(name:\"DSA\", value:\"2986\");\n\n script_name(english:\"Debian DSA-2986-1 : iceweasel - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors and use-after-frees may lead to the execution of arbitrary code\nor denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2986\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 24.7.0esr-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"24.7.0esr-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:51", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates.", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_fixed_in_firefox1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:firefox", "cpe:/o:oracle:solaris:11.2"], "id": "SOLARIS11_FIREFOX_20141216.NASL", "href": "https://www.tenable.com/plugins/nessus/80610", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80610);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1548\", \"CVE-2014-1551\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_fixed_in_firefox1)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates.\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-fixed-in-firefox-2470-esr\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7bb86a99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.5.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:firefox\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^firefox$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.5.0.5.0\", sru:\"SRU 11.2.5.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : firefox\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"firefox\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T04:11:13", "description": "The version of Thunderbird 24.x installed on the remote host is a version\nprior to 24.7. It is, therefore, affected by the following\nvulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - There is a potential use-after-free issue in\n DirectWrite font handling. This may allow an attacker\n to potentially execute arbitrary code within the context\n of the user running the application. (CVE-2014-1551)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)", "edition": 27, "published": "2014-07-24T00:00:00", "title": "Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_24_7.NASL", "href": "https://www.tenable.com/plugins/nessus/76764", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76764);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1544\",\n \"CVE-2014-1547\",\n \"CVE-2014-1548\",\n \"CVE-2014-1551\",\n \"CVE-2014-1555\",\n \"CVE-2014-1557\"\n );\n script_bugtraq_id(\n 68811,\n 68814,\n 68816,\n 68817,\n 68818,\n 68822,\n 68824\n );\n\n script_name(english:\"Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird 24.x installed on the remote host is a version\nprior to 24.7. It is, therefore, affected by the following\nvulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - There is a potential use-after-free issue in\n DirectWrite font handling. This may allow an attacker\n to potentially execute arbitrary code within the context\n of the user running the application. (CVE-2014-1551)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird 24.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1551\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'24.7', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T04:07:16", "description": "The version of Firefox ESR 24.x installed on the remote host is prior\nto 24.7. It is, therefore, affected by the following vulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - There is a potential use-after-free issue in\n DirectWrite font handling. This may allow an attacker\n to potentially execute arbitrary code within the context\n of the user running the application. (CVE-2014-1551)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)\n\n - There is a flaw in the Skia library when scaling images\n of high quality. If the image data is discarded while\n being processed, the library may crash. This crash\n is potentially exploitable. (CVE-2014-1557)", "edition": 27, "published": "2014-07-24T00:00:00", "title": "Firefox ESR 24.x < 24.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_24_7_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/76762", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76762);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1544\",\n \"CVE-2014-1547\",\n \"CVE-2014-1548\",\n \"CVE-2014-1551\",\n \"CVE-2014-1555\",\n \"CVE-2014-1556\",\n \"CVE-2014-1557\"\n );\n script_bugtraq_id(\n 68811,\n 68814,\n 68816,\n 68817,\n 68818,\n 68822,\n 68824\n );\n\n script_name(english:\"Firefox ESR 24.x < 24.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR 24.x installed on the remote host is prior\nto 24.7. It is, therefore, affected by the following vulnerabilities :\n\n - When a pair of NSSCertificate structures are added to a\n trust domain and then one of them is removed during use,\n a use-after-free error occurs which may cause the\n application to crash. This crash is potentially\n exploitable. (CVE-2014-1544)\n\n - There are multiple memory safety hazards within the\n browser engine. These hazards may lead to memory\n corruption vulnerabilities, which may allow attackers\n to execute arbitrary code. (CVE-2014-1547,\n CVE-2014-1548)\n\n - There is a potential use-after-free issue in\n DirectWrite font handling. This may allow an attacker\n to potentially execute arbitrary code within the context\n of the user running the application. (CVE-2014-1551)\n\n - Triggering the FireOnStateChange event has the\n potential to crash the application. This may lead to\n a use-after-free and an exploitable crash.\n (CVE-2014-1555)\n\n - When using the Cesium JavaScript library to generate\n WebGL content, the application may crash. This crash\n is potentially exploitable. (CVE-2014-1556)\n\n - There is a flaw in the Skia library when scaling images\n of high quality. If the image data is discarded while\n being processed, the library may crash. This crash\n is potentially exploitable. (CVE-2014-1557)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR 24.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1551\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'24.7', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:14:45", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556,\nCVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, David Keeler, Byron\nCampen, Jethro Beekman, Patrick Cozzi, and Mozilla community member\nJohn as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 24.7.0 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 24.7.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 22, "published": "2014-07-23T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2014:0919)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "modified": "2014-07-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0919.NASL", "href": "https://www.tenable.com/plugins/nessus/76700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0919. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76700);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_xref(name:\"RHSA\", value:\"2014:0919\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2014:0919)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556,\nCVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, David Keeler, Byron\nCampen, Jethro Beekman, Patrick Cozzi, and Mozilla community member\nJohn as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 24.7.0 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 24.7.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1436f2f7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1556\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0919\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-24.7.0-1.el5_10\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-24.7.0-1.el5_10\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-24.7.0-1.el6_5\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-24.7.0-1.el6_5\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-24.7.0-1.el7_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-24.7.0-1.el7_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xulrunner-24.7.0-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xulrunner-debuginfo-24.7.0-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xulrunner-devel-24.7.0-1.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:29:38", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2014-1547, CVE-2014-1555,\nCVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, David Keeler, Byron\nCampen, Jethro Beekman, Patrick Cozzi, and Mozilla community member\nJohn as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 24.7.0. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 21, "published": "2014-07-23T00:00:00", "title": "CentOS 5 / 6 : thunderbird (CESA-2014:0918)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "modified": "2014-07-23T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2014-0918.NASL", "href": "https://www.tenable.com/plugins/nessus/76687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0918 and \n# CentOS Errata and Security Advisory 2014:0918 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76687);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_xref(name:\"RHSA\", value:\"2014:0918\");\n\n script_name(english:\"CentOS 5 / 6 : thunderbird (CESA-2014:0918)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2014-1547, CVE-2014-1555,\nCVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, David Keeler, Byron\nCampen, Jethro Beekman, Patrick Cozzi, and Mozilla community member\nJohn as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 24.7.0. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-July/020430.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?922c85f1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-July/020439.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?723d4e74\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1547\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-24.7.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-24.7.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2996-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 03, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2014-1544 CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 \n CVE-2014-1557\n\nMultiple security issues have been found in Icedove, Debian's version of \nthe Mozilla Thunderbird mail and news client: Multiple memory safety \nerrors and use-after-frees may lead to the execution of arbitrary code \nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0-1~deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2014-08-03T08:53:00", "published": "2014-08-03T08:53:00", "id": "DEBIAN:DSA-2996-1:8C612", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00178.html", "title": "[SECURITY] [DSA 2996-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2986-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 23, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2014-1544 CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 \n CVE-2014-1557\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and \nuse-after-frees may lead to the execution of arbitrary code or denial\nof service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-07-23T19:51:09", "published": "2014-07-23T19:51:09", "id": "DEBIAN:DSA-2986-1:01B98", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00168.html", "title": "[SECURITY] [DSA 2986-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:09:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1544"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3071-1 security@debian.org\nhttp://www.debian.org/security/ Sebastien Delafond\nNovember 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nss\nCVE ID : CVE-2014-1544\n\nIn nss, a set of libraries designed to support cross-platform\ndevelopment of security-enabled client and server applications, Tyson\nSmith and Jesse Schwartzentruber discovered a use-after-free\nvulnerability that allows remote attackers to execute arbitrary code by\ntriggering the improper removal of an NSSCertificate structure from a\ntrust domain.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.5-1+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 2:3.16.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.16.3-1.\n\nWe recommend that you upgrade your nss packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2014-11-11T21:01:50", "published": "2014-11-11T21:01:50", "id": "DEBIAN:DSA-3071-1:BBA13", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00259.html", "title": "[SECURITY] [DSA 3071-1] nss security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "Multiple security issues have been found in Icedove, Debian", "modified": "2019-03-19T00:00:00", "published": "2014-08-03T00:00:00", "id": "OPENVAS:1361412562310702996", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702996", "type": "openvas", "title": "Debian Security Advisory DSA 2996-1 (icedove - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2996.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2996-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702996\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_name(\"Debian Security Advisory DSA 2996-1 (icedove - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-03 00:00:00 +0200 (Sun, 03 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2996.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0-1~deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and use-after-frees may lead to the execution of arbitrary code\nor denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "Multiple security issues have been found in Iceweasel, Debian", "modified": "2019-03-19T00:00:00", "published": "2014-07-23T00:00:00", "id": "OPENVAS:1361412562310702986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702986", "type": "openvas", "title": "Debian Security Advisory DSA 2986-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2986.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2986-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702986\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_name(\"Debian Security Advisory DSA 2986-1 (iceweasel - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-23 00:00:00 +0200 (Wed, 23 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2986.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"iceweasel on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nuse-after-frees may lead to the execution of arbitrary code or denial\nof service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-08-07T00:00:00", "id": "OPENVAS:1361412562310804733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804733", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 August14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_aug14_macosx.nasl 39607 2014-08-07 09:58:30Z Aug$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 August14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804733\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1557\",\n \"CVE-2014-1544\", \"CVE-2014-1556\");\n script_bugtraq_id(68811, 68814, 68824, 68816, 68822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-08-07 11:22:55 +0530 (Thu, 07 Aug 2014)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 August14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error related to ordering of control messages for Web Audio.\n\n - A use-after-free error when handling the FireOnStateChange event.\n\n - An unspecified error when using the Cesium JavaScript library to generate\n WebGL content.\nand Some unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to bypass certain security\nrestrictions and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 24.x before 24.7 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 24.7 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59803\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^24\\.\" && version_in_range(version:ffVer,\n test_version:\"24.0\", test_version2:\"24.6\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-08-02T10:49:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and use-after-frees may lead to the execution of arbitrary code\nor denial of service.", "modified": "2017-07-18T00:00:00", "published": "2014-08-03T00:00:00", "id": "OPENVAS:702996", "href": "http://plugins.openvas.org/nasl.php?oid=702996", "type": "openvas", "title": "Debian Security Advisory DSA 2996-1 (icedove - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2996.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 2996-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icedove on Debian Linux\";\ntag_insight = \"Icedove is an unbranded Thunderbird mail client suitable for free\ndistribution. It supports different mail accounts (POP, IMAP, Gmail), has an\nintegrated learning Spam filter, and offers easy organization of mails with\ntagging and virtual folders. Also, more features can be added by installing\nextensions.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0-1~deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and use-after-frees may lead to the execution of arbitrary code\nor denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702996);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_name(\"Debian Security Advisory DSA 2996-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-03 00:00:00 +0200 (Sun, 03 Aug 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2996.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.7.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:48:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nuse-after-frees may lead to the execution of arbitrary code or denial\nof service.", "modified": "2017-07-12T00:00:00", "published": "2014-07-23T00:00:00", "id": "OPENVAS:702986", "href": "http://plugins.openvas.org/nasl.php?oid=702986", "type": "openvas", "title": "Debian Security Advisory DSA 2986-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2986.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 2986-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"iceweasel on Debian Linux\";\ntag_insight = \"Iceweasel is Firefox, rebranded. It is a powerful, extensible web browser\nwith support for modern web application technologies.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nuse-after-frees may lead to the execution of arbitrary code or denial\nof service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702986);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_name(\"Debian Security Advisory DSA 2986-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-07-23 00:00:00 +0200 (Wed, 23 Jul 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2986.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.7.0esr-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:39:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1548", "CVE-2014-1492", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-08-05T00:00:00", "id": "OPENVAS:1361412562310850601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850601", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2014:0950-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850601\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-08-05 16:50:27 +0530 (Tue, 05 Aug 2014)\");\n script_cve_id(\"CVE-2014-1492\", \"CVE-2014-1544\", \"CVE-2014-1547\", \"CVE-2014-1548\",\n \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2014:0950-1)\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"update to Firefox 24.7.0 and Thunderbird 24.7.0 including fixes for\n\n * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety\n hazards\n\n * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with\n FireOnStateChange event\n\n * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with\n Cesium JavaScript library\n\n * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when\n manipulating certificates in the trusted cache (solved with NSS 3.16.2\n requirement)\n\n * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when\n scaling high quality images\n\n - require NSS 3.16.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0950-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~24.7.0~119.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~24.7.0~101.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~24.7.0~101.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~24.7.0~101.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~24.7.0~101.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~24.7.0~101.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~24.7.0~101.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~24.7.0~101.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail\", rpm:\"enigmail~1.7~2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail-debuginfo\", rpm:\"enigmail-debuginfo~1.7~2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"enigmail-debugsource\", rpm:\"enigmail-debugsource~1.7~2.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-x86\", rpm:\"libfreebl3-debuginfo-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-x86\", rpm:\"libsoftokn3-debuginfo-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-x86\", rpm:\"mozilla-nss-certs-debuginfo-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-x86\", rpm:\"mozilla-nss-certs-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-x86\", rpm:\"mozilla-nss-debuginfo-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-x86\", rpm:\"mozilla-nss-sysinit-debuginfo-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-x86\", rpm:\"mozilla-nss-sysinit-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.16.3~86.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-08-07T00:00:00", "id": "OPENVAS:1361412562310804732", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804732", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 August14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_aug14_win.nasl 39607 2014-08-07 09:58:30Z Aug$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 August14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804732\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1557\",\n \"CVE-2014-1551\", \"CVE-2014-1544\", \"CVE-2014-1556\");\n script_bugtraq_id(68811, 68814, 68824, 68817, 68816, 68822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-08-07 10:02:33 +0530 (Thu, 07 Aug 2014)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 August14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error related to ordering of control messages for Web Audio.\n\n - A use-after-free error in DirectWrite when rendering MathML.\n\n - A use-after-free error when handling the FireOnStateChange event.\n\n - An unspecified error when using the Cesium JavaScript library to generate\n WebGL content.\nand Some unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to bypass certain security\nrestrictions and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 24.x before 24.7 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 24.7 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59803\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^24\\.\" && version_in_range(version:ffVer,\n test_version:\"24.0\", test_version2:\"24.6\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310871204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871204", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2014:0918-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2014:0918-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871204\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:42:15 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for thunderbird RHSA-2014:0918-01\");\n\n\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro\nBeekman, Patrick Cozzi, and Mozilla community member John as the original\nreporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0918-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-July/msg00044.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~24.7.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~24.7.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310881976", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881976", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2014:0918 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2014:0918 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881976\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:36:42 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for thunderbird CESA-2014:0918 centos6\");\n\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro\nBeekman, Patrick Cozzi, and Mozilla community member John as the original\nreporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0918\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-July/020439.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~24.7.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "description": "Oracle Linux Local Security Checks ELSA-2014-0919", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123372", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0919.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123372\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0919\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0919 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0919\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0919.html\");\n script_cve_id(\"CVE-2014-1547\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.7.0~1.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~24.7.0~1.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~24.7.0~1.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.7.0~1.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.7.0~1.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:08", "bulletinFamily": "info", "cvelist": ["CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1557"], "description": "### *Detect date*:\n07/22/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Clam Anti-virus. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited locally at a point related to the OLE2 parser via a specially designed file. Below is a complete list of vulnerabilities\n\n### *Affected products*:\nMozilla Firefox ESR 24.6.0 and earlier \nMozilla Firefox 30.0 and earlier \nWaterfox Firefox 30.0 and earlier \nMozilla Thunderbird 30.0 and earlier \nCometBird all versions \n\n### *Solution*:\nUpdate to latest version \n[Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>) \n[Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA](<https://www.mozilla.org/security/announce/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2014-1547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547>) \n[CVE-2014-1548](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548>) \n[CVE-2014-1555](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555>) \n[CVE-2014-1551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1551>) \n[CVE-2014-1544](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544>) \n[CVE-2014-1556](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556>) \n[CVE-2014-1557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557>)", "edition": 27, "modified": "2018-11-15T00:00:00", "published": "2014-07-22T00:00:00", "id": "KLA10119", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10119", "title": "\r KLA10119Multiple vulnerabilities in Mozilla ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:14:26", "description": "Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.", "edition": 6, "cvss3": {}, "published": "2014-07-23T11:12:00", "title": "CVE-2014-1556", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1556"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:thunderbird:24.5", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:firefox_esr:24.6", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:thunderbird:24.6", "cpe:/a:mozilla:firefox_esr:24.5", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:firefox_esr:24.1.1"], "id": "CVE-2014-1556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1556", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\" target=\"_blank\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {}, "published": "2014-07-23T11:12:00", "title": "CVE-2014-1555", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1555"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:thunderbird:24.5", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:firefox_esr:24.6", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:thunderbird:24.6", "cpe:/a:mozilla:firefox_esr:24.5", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:firefox_esr:24.1.1"], "id": "CVE-2014-1555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1555", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.", "edition": 6, "cvss3": {}, "published": "2014-07-23T11:12:00", "title": "CVE-2014-1557", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1557"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:thunderbird:24.5", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:firefox_esr:24.6", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:mozilla:thunderbird:24.6", "cpe:/a:mozilla:firefox_esr:24.5", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/o:oracle:solaris:11.3", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:firefox_esr:24.1.1"], "id": "CVE-2014-1557", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1557", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\" target=\"_blank\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {}, "published": "2014-07-23T11:12:00", "title": "CVE-2014-1544", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1544"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:mozilla:network_security_services:3.15.3", "cpe:/a:mozilla:network_security_services:3.14.5", "cpe:/a:mozilla:network_security_services:3.4.2", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:network_security_services:3.14.3", "cpe:/a:mozilla:thunderbird:24.5", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:network_security_services:3.6.1", "cpe:/a:mozilla:network_security_services:3.7.7", "cpe:/a:mozilla:network_security_services:3.14.2", "cpe:/a:mozilla:network_security_services:3.12.4", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:network_security_services:3.12.5", "cpe:/a:mozilla:network_security_services:3.3", "cpe:/a:mozilla:network_security_services:3.15.2", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:network_security_services:3.12.2", "cpe:/a:mozilla:network_security_services:3.15.5", "cpe:/a:mozilla:network_security_services:3.7.3", "cpe:/a:mozilla:network_security_services:3.8", "cpe:/a:mozilla:network_security_services:3.12", "cpe:/a:mozilla:network_security_services:3.12.3.2", "cpe:/a:mozilla:network_security_services:3.12.9", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:network_security_services:3.2.1", "cpe:/a:mozilla:network_security_services:3.2", "cpe:/a:mozilla:network_security_services:3.7.5", "cpe:/a:mozilla:network_security_services:3.14.4", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:network_security_services:3.7.2", "cpe:/a:mozilla:network_security_services:3.15.1", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:network_security_services:3.11.2", "cpe:/a:mozilla:network_security_services:3.14.1", "cpe:/a:mozilla:network_security_services:3.11.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:network_security_services:3.12.6", "cpe:/a:mozilla:network_security_services:3.12.3.1", "cpe:/a:mozilla:network_security_services:3.9", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:firefox_esr:24.6", "cpe:/a:mozilla:network_security_services:3.14", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:network_security_services:3.12.1", "cpe:/a:mozilla:network_security_services:3.15.4", "cpe:/a:mozilla:network_security_services:3.3.2", "cpe:/a:mozilla:network_security_services:3.12.3", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:network_security_services:3.6", "cpe:/a:mozilla:network_security_services:3.12.11", "cpe:/a:mozilla:network_security_services:3.15.3.1", "cpe:/a:mozilla:network_security_services:3.7.1", "cpe:/a:mozilla:network_security_services:3.16", "cpe:/a:mozilla:network_security_services:3.4.1", "cpe:/a:mozilla:network_security_services:3.3.1", "cpe:/a:mozilla:network_security_services:3.12.7", "cpe:/a:mozilla:network_security_services:3.15", "cpe:/a:mozilla:thunderbird:24.6", "cpe:/a:mozilla:firefox_esr:24.5", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:network_security_services:3.11.5", "cpe:/a:mozilla:network_security_services:3.4", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:network_security_services:3.11.4", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:network_security_services:3.12.10", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:network_security_services:3.12.8", "cpe:/a:mozilla:network_security_services:3.5", "cpe:/a:mozilla:network_security_services:3.7"], "id": "CVE-2014-1544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1544", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2014-07-23T11:12:00", "title": "CVE-2014-1548", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1548"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:thunderbird:24.5", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:24.6", "cpe:/a:mozilla:thunderbird:24.7", "cpe:/a:mozilla:thunderbird:24.4"], "id": "CVE-2014-1548", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1548", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2014-07-23T11:12:00", "title": "CVE-2014-1547", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1547"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:thunderbird:24.5", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:firefox:30.0", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:firefox_esr:24.6", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:thunderbird:24.6", "cpe:/a:mozilla:firefox_esr:24.5", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:firefox_esr:24.1.1"], "id": "CVE-2014-1547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1547", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:27:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0918\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro\nBeekman, Patrick Cozzi, and Mozilla community member John as the original\nreporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/032468.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/032477.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0918.html", "edition": 3, "modified": "2014-07-23T03:04:56", "published": "2014-07-23T01:35:12", "href": "http://lists.centos.org/pipermail/centos-announce/2014-July/032468.html", "id": "CESA-2014:0918", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0919\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro\nBeekman, Patrick Cozzi, and Mozilla community member John as the original\nreporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.7.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.7.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/032467.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/032469.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/032476.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2014-0919.html", "edition": 3, "modified": "2014-07-23T03:02:27", "published": "2014-07-23T00:54:07", "href": "http://lists.centos.org/pipermail/centos-announce/2014-July/032467.html", "id": "CESA-2014:0919", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:07:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "description": "[24.7.0-1.0.1.el6_5]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[24.7.0-1]\n- Update to 24.7.0\n ", "edition": 5, "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "ELSA-2014-0918", "href": "http://linux.oracle.com/errata/ELSA-2014-0918.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1547", "CVE-2014-1557"], "description": "[24.7.0-1.0.1.el6_5]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[24.7.0-1]\n- Update to 24.7.0 ESR", "edition": 4, "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "ELSA-2014-0919", "href": "http://linux.oracle.com/errata/ELSA-2014-0919.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1547", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro\nBeekman, Patrick Cozzi, and Mozilla community member John as the original\nreporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.7.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.7.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:32", "published": "2014-07-22T04:00:00", "id": "RHSA-2014:0919", "href": "https://access.redhat.com/errata/RHSA-2014:0919", "type": "redhat", "title": "(RHSA-2014:0919) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:22", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1547", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro\nBeekman, Patrick Cozzi, and Mozilla community member John as the original\nreporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:07", "published": "2014-07-22T04:00:00", "id": "RHSA-2014:0918", "href": "https://access.redhat.com/errata/RHSA-2014:0918", "type": "redhat", "title": "(RHSA-2014:0918) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1544"], "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Netscape Portable Runtime (NSPR) provides platform\nindependence for non-GUI operating system facilities.\n\nA race condition was found in the way NSS verified certain certificates.\nA remote attacker could use this flaw to crash an application using NSS or,\npossibly, execute arbitrary code with the privileges of the user running\nthat application. (CVE-2014-1544)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber\nas the original reporters.\n\nUsers of NSS and NSPR are advised to upgrade to these updated packages,\nwhich correct this issue. After installing this update, applications using\nNSS or NSPR must be restarted for this update to take effect.\n", "modified": "2018-04-12T03:32:55", "published": "2014-07-22T04:00:00", "id": "RHSA-2014:0916", "href": "https://access.redhat.com/errata/RHSA-2014:0916", "type": "redhat", "title": "(RHSA-2014:0916) Critical: nss and nspr security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1544"], "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Netscape Portable Runtime (NSPR) provides platform\nindependence for non-GUI operating system facilities.\n\nA race condition was found in the way NSS verified certain certificates.\nA remote attacker could use this flaw to crash an application using NSS or,\npossibly, execute arbitrary code with the privileges of the user running\nthat application. (CVE-2014-1544)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Tyson Smith and Jesse Schwartzentruber as the\noriginal reporters.\n\nAll NSS users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, applications using NSS must be restarted for this update to take\neffect.\n", "modified": "2017-09-08T11:57:13", "published": "2014-09-08T04:00:00", "id": "RHSA-2014:1165", "href": "https://access.redhat.com/errata/RHSA-2014:1165", "type": "redhat", "title": "(RHSA-2014:1165) Critical: nss security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:07", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1559", "CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1558", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1552", "CVE-2014-1549", "CVE-2014-1557", "CVE-2014-1550", "CVE-2014-1560", "CVE-2014-1561"], "description": "Christian Holler, David Keeler, Byron Campen, Gary Kwong, Jesse Ruderman, \nAndrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt, Shu-yu Guo, \nSteve Fink, Terrence Cole, Gijs Kruitbosch and C\u0103t\u0103lin Badea discovered \nmultiple memory safety issues in Firefox. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthese to cause a denial of service via application crash, or execute \narbitrary code with the privileges of the user invoking Firefox. \n(CVE-2014-1547, CVE-2014-1548)\n\nAtte Kettunen discovered a buffer overflow when interacting with WebAudio \nbuffers. An attacker could potentially exploit this to cause a denial of \nservice via application crash or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2014-1549)\n\nAtte Kettunen discovered a use-after-free in WebAudio. An attacker could \npotentially exploit this to cause a denial of service via application \ncrash or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2014-1550)\n\nDavid Chan and Gijs Kruitbosch discovered that web content could spoof \nUI customization events in some circumstances, resulting in a limited \nability to move UI icons. (CVE-2014-1561)\n\nJethro Beekman discovered a use-after-free when the FireOnStateChange \nevent is triggered in some circumstances. An attacker could potentially \nexploit this to cause a denial of service via application crash or \nexecute arbitrary code with the priviliges of the user invoking Firefox. \n(CVE-2014-1555)\n\nPatrick Cozzi discovered a crash when using the Cesium JS library to \ngenerate WebGL content. An attacker could potentially exploit this to \nexecute arbitrary code with the privilges of the user invoking Firefox. \n(CVE-2014-1556)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in \nCERT_DestroyCertificate. An attacker could potentially exploit this to \ncause a denial of service via application crash or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2014-1544)\n\nA crash was discovered in Skia when scaling an image, if the scaling \noperation takes too long. An attacker could potentially exploit this to \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2014-1557)\n\nChristian Holler discovered several issues when parsing certificates \nwith non-standard character encoding, resulting in the inability to \nuse valid SSL certificates in some circumstances. (CVE-2014-1558, \nCVE-2014-1559, CVE-2014-1560)\n\nBoris Zbarsky discovered that network redirects could cause an iframe \nto escape the confinements defined by its sandbox attribute in \nsome circumstances. An attacker could potentially exploit this to \nconduct cross-site scripting attacks. (CVE-2014-1552)", "edition": 68, "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "USN-2295-1", "href": "https://ubuntu.com/security/notices/USN-2295-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:40", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1559", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1558", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1552", "CVE-2014-1549", "CVE-2014-1557", "CVE-2014-1550", "CVE-2014-1560"], "description": "Christian Holler, David Keeler and Byron Campen discovered multiple memory \nsafety issues in Thunderbird. If a user were tricked in to opening a \nspecially crafted message with scripting enabled, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nThunderbird. (CVE-2014-1547)\n\nAtte Kettunen discovered a buffer overflow when interacting with WebAudio \nbuffers. If a user had enabled scripting, an attacker could potentially \nexploit this to cause a denial of service via application crash or execute \narbitrary code with the privileges of the user invoking Thunderbird. \n(CVE-2014-1549)\n\nAtte Kettunen discovered a use-after-free in WebAudio. If a user had \nenabled scripting, an attacker could potentially exploit this to cause a \ndenial of service via application crash or execute arbitrary code with the \nprivileges of the user invoking Thunderbird. (CVE-2014-1550)\n\nJethro Beekman discovered a use-after-free when the FireOnStateChange \nevent is triggered in some circumstances. If a user had enabled scripting, \nan attacker could potentially exploit this to cause a denial of service \nvia application crash or execute arbitrary code with the priviliges of \nthe user invoking Thunderbird. (CVE-2014-1555)\n\nPatrick Cozzi discovered a crash when using the Cesium JS library to \ngenerate WebGL content. If a user had enabled scripting, an attacker could \npotentially exploit this to execute arbitrary code with the privilges of \nthe user invoking Thunderbird. (CVE-2014-1556)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in \nCERT_DestroyCertificate. If a user had enabled scripting, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash or execute arbitrary code with the privileges of the \nuser invoking Thunderbird. (CVE-2014-1544)\n\nA crash was discovered in Skia when scaling an image, if the scaling \noperation takes too long. If a user had enabled scripting, an attacker \ncould potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Thunderbird. (CVE-2014-1557)\n\nChristian Holler discovered several issues when parsing certificates \nwith non-standard character encoding, resulting in the inability to \nuse valid SSL certificates in some circumstances. (CVE-2014-1558, \nCVE-2014-1559, CVE-2014-1560)\n\nBoris Zbarsky discovered that network redirects could cause an iframe \nto escape the confinements defined by its sandbox attribute in some \ncircumstances. If a user had enabled scripting, an attacker could \npotentially exploit this to conduct cross-site scripting attacks. \n(CVE-2014-1552)", "edition": 5, "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "USN-2296-1", "href": "https://ubuntu.com/security/notices/USN-2296-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1559", "CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1544", "CVE-2014-1552", "CVE-2014-1549", "CVE-2014-1557", "CVE-2014-1550", "CVE-2014-1560", "CVE-2014-1561"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2014-66 IFRAME sandbox same-origin access through\n\t redirect\nMFSA 2014-65 Certificate parsing broken by non-standard\n\t character encoding\nMFSA 2014-64 Crash in Skia library when scaling high\n\t quality images\nMFSA 2014-63 Use-after-free while when manipulating\n\t certificates in the trusted cache\nMFSA 2014-62 Exploitable WebGL crash with Cesium\n\t JavaScript library\nMFSA 2014-61 Use-after-free with FireOnStateChange\n\t event\nMFSA 2014-60 Toolbar dialog customization event\n\t spoofing\nMFSA 2014-59 Use-after-free in DirectWrite font\n\t handling\nMFSA 2014-58 Use-after-free in Web Audio due to\n\t incorrect control message ordering\nMFSA 2014-57 Buffer overflow during Web Audio\n\t buffering for playback\nMFSA 2014-56 Miscellaneous memory safety hazards\n\t (rv:31.0 / rv:24.7)\n\n", "edition": 4, "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "978B0F76-122D-11E4-AFE3-BC5FF4FB5E7B", "href": "https://vuxml.freebsd.org/freebsd/978b0f76-122d-11e4-afe3-bc5ff4fb5e7b.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:41", "bulletinFamily": "software", "cvelist": ["CVE-2014-1548", "CVE-2014-1547"], "edition": 1, "description": "Mozilla developers and community identified identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "MFSA2014-56", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-56/", "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-1556"], "description": "Developer Patrick Cozzi reported a crash in some\ncircumstances when using the Cesium JavaScript library to generate WebGL\ncontent. Mozilla developers determined that this crash is potentially\nexploitable.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "edition": 1, "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "MFSA2014-62", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-62/", "type": "mozilla", "title": "Exploitable WebGL crash with Cesium JavaScript library", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-1555"], "description": "Security researcher Jethro Beekman of the University of\nCalifornia, Berkeley reported a crash when the FireOnStateChange\nevent is triggered in some circumstances. This leads to a use-after-free and a\npotentially exploitable crash when it occurs.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "edition": 1, "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "MFSA2014-61", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-61/", "type": "mozilla", "title": "Use-after-free with FireOnStateChange event", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:41", "bulletinFamily": "software", "cvelist": ["CVE-2014-1544"], "edition": 1, "description": "Security researchers Tyson Smith and Jesse\nSchwartzentruber used the Address Sanitizer tool while fuzzing to\ndiscover a use-after-free error resulting in a crash. This is a result of a pair\nof NSSCertificate structures being added to a trust domain and then\none of them is removed while they are still in use by the trusted cache. This\ncrash is potentially exploitable.\n\nThis issue was addressed in the Network Security Services (NSS) library in version 3.16.2, \nshipping on affected platforms.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "MFSA2014-63", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-63/", "type": "mozilla", "title": "Use-after-free while when manipulating certificates in the trusted cache", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-1559", "CVE-2014-1548", "CVE-2014-1556", "CVE-2014-1555", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1547", "CVE-2014-1552", "CVE-2014-1549", "CVE-2014-1554", "CVE-2014-1557", "CVE-2014-1550", "CVE-2014-1560", "CVE-2014-1561"], "description": "Multiple memory corruptions and buffer overflows.", "edition": 1, "modified": "2014-07-28T00:00:00", "published": "2014-07-28T00:00:00", "id": "SECURITYVULNS:VULN:13890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13890", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:35:45", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1544"], "description": "**Issue Overview:**\n\nUse-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.\n\n \n**Affected Packages:** \n\n\nnss\n\n \n**Issue Correction:** \nRun _yum update nss_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n nss-tools-3.16.0-1.36.amzn1.i686 \n nss-devel-3.16.0-1.36.amzn1.i686 \n nss-sysinit-3.16.0-1.36.amzn1.i686 \n nss-debuginfo-3.16.0-1.36.amzn1.i686 \n nss-3.16.0-1.36.amzn1.i686 \n nss-pkcs11-devel-3.16.0-1.36.amzn1.i686 \n \n src: \n nss-3.16.0-1.36.amzn1.src \n \n x86_64: \n nss-tools-3.16.0-1.36.amzn1.x86_64 \n nss-debuginfo-3.16.0-1.36.amzn1.x86_64 \n nss-sysinit-3.16.0-1.36.amzn1.x86_64 \n nss-pkcs11-devel-3.16.0-1.36.amzn1.x86_64 \n nss-3.16.0-1.36.amzn1.x86_64 \n nss-devel-3.16.0-1.36.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-07-23T14:08:00", "published": "2014-07-23T14:08:00", "id": "ALAS-2014-385", "href": "https://alas.aws.amazon.com/ALAS-2014-385.html", "title": "Critical: nss", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}