Fedora Update for thunderbird-enigmail FEDORA-2014-9954
2014-09-10T00:00:00
ID OPENVAS:1361412562310868176 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for thunderbird-enigmail FEDORA-2014-9954
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.868176");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2014-09-10 06:18:59 +0200 (Wed, 10 Sep 2014)");
script_cve_id("CVE-2014-5369");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_name("Fedora Update for thunderbird-enigmail FEDORA-2014-9954");
script_tag(name:"affected", value:"thunderbird-enigmail on Fedora 19");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"FEDORA", value:"2014-9954");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137338.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'thunderbird-enigmail'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC19");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC19")
{
if ((res = isrpmvuln(pkg:"thunderbird-enigmail", rpm:"thunderbird-enigmail~1.7.2~1.fc19", rls:"FC19")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310868176", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for thunderbird-enigmail FEDORA-2014-9954", "description": "The remote host is missing an update for the ", "published": "2014-09-10T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868176", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2014-9954", "https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137338.html"], "cvelist": ["CVE-2014-5369"], "lastseen": "2019-05-29T18:37:13", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-5369", "CVE-2014-9954"]}, {"type": "nessus", "idList": ["FEDORA_2014-9944.NASL", "FEDORA_2014-9919.NASL", "OPENSUSE-2014-529.NASL", "FEDORA_2014-9954.NASL", "GENTOO_GLSA-201504-01.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121368", "OPENVAS:1361412562310868174"]}, {"type": "gentoo", "idList": ["GLSA-201504-01"]}], "modified": "2019-05-29T18:37:13", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:37:13", "rev": 2}, "vulnersScore": 6.1}, "pluginID": "1361412562310868176", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird-enigmail FEDORA-2014-9954\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868176\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-10 06:18:59 +0200 (Wed, 10 Sep 2014)\");\n script_cve_id(\"CVE-2014-5369\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for thunderbird-enigmail FEDORA-2014-9954\");\n script_tag(name:\"affected\", value:\"thunderbird-enigmail on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9954\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137338.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird-enigmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird-enigmail\", rpm:\"thunderbird-enigmail~1.7.2~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T12:01:19", "description": "Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.", "edition": 3, "cvss3": {}, "published": "2014-09-08T14:55:00", "title": "CVE-2014-5369", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5369"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/a:enigmail:enigmail:1.7", "cpe:/a:enigmail:enigmail:1.7.2"], "id": "CVE-2014-5369", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5369", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:enigmail:enigmail:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:enigmail:enigmail:1.7.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5369"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-09-10T00:00:00", "id": "OPENVAS:1361412562310868174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868174", "type": "openvas", "title": "Fedora Update for thunderbird-enigmail FEDORA-2014-9944", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird-enigmail FEDORA-2014-9944\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868174\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-10 06:18:57 +0200 (Wed, 10 Sep 2014)\");\n script_cve_id(\"CVE-2014-5369\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for thunderbird-enigmail FEDORA-2014-9944\");\n script_tag(name:\"affected\", value:\"thunderbird-enigmail on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9944\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137406.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird-enigmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird-enigmail\", rpm:\"thunderbird-enigmail~1.7.2~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "description": "Gentoo Linux Local Security Checks GLSA 201504-01", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121368", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201504-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-01.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121368\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:42 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-01\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-01\");\n script_cve_id(\"CVE-2013-1741\", \"CVE-2013-2566\", \"CVE-2013-5590\", \"CVE-2013-5591\", \"CVE-2013-5592\", \"CVE-2013-5593\", \"CVE-2013-5595\", \"CVE-2013-5596\", \"CVE-2013-5597\", \"CVE-2013-5598\", \"CVE-2013-5599\", \"CVE-2013-5600\", \"CVE-2013-5601\", \"CVE-2013-5602\", \"CVE-2013-5603\", \"CVE-2013-5604\", \"CVE-2013-5605\", \"CVE-2013-5606\", \"CVE-2013-5607\", \"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2014-1477\", \"CVE-2014-1478\", \"CVE-2014-1479\", \"CVE-2014-1480\", \"CVE-2014-1481\", \"CVE-2014-1482\", \"CVE-2014-1483\", \"CVE-2014-1485\", \"CVE-2014-1486\", \"CVE-2014-1487\", \"CVE-2014-1488\", \"CVE-2014-1489\", \"CVE-2014-1490\", \"CVE-2014-1491\", \"CVE-2014-1492\", \"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\", \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\", \"CVE-2014-1518\", \"CVE-2014-1519\", \"CVE-2014-1520\", \"CVE-2014-1522\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1525\", \"CVE-2014-1526\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\", \"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1539\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\", \"CVE-2014-1543\", \"CVE-2014-1544\", \"CVE-2014-1545\", \"CVE-2014-1547\", \"CVE-2014-1548\", \"CVE-2014-1549\", \"CVE-2014-1550\", \"CVE-2014-1551\", \"CVE-2014-1552\", \"CVE-2014-1553\", \"CVE-2014-1554\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\", \"CVE-2014-1558\", \"CVE-2014-1559\", \"CVE-2014-1560\", \"CVE-2014-1561\", \"CVE-2014-1562\", \"CVE-2014-1563\", \"CVE-2014-1564\", \"CVE-2014-1565\", \"CVE-2014-1566\", \"CVE-2014-1567\", \"CVE-2014-1568\", \"CVE-2014-1574\", \"CVE-2014-1575\", \"CVE-2014-1576\", \"CVE-2014-1577\", \"CVE-2014-1578\", \"CVE-2014-1580\", \"CVE-2014-1581\", \"CVE-2014-1582\", \"CVE-2014-1583\", \"CVE-2014-1584\", \"CVE-2014-1585\", \"CVE-2014-1586\", \"CVE-2014-1587\", \"CVE-2014-1588\", \"CVE-2014-1589\", \"CVE-2014-1590\", \"CVE-2014-1591\", \"CVE-2014-1592\", \"CVE-2014-1593\", \"CVE-2014-1594\", \"CVE-2014-5369\", \"CVE-2014-8631\", \"CVE-2014-8632\", \"CVE-2014-8634\", \"CVE-2014-8635\", \"CVE-2014-8636\", \"CVE-2014-8637\", \"CVE-2014-8638\", \"CVE-2014-8639\", \"CVE-2014-8640\", \"CVE-2014-8641\", \"CVE-2014-8642\", \"CVE-2015-0817\", \"CVE-2015-0818\", \"CVE-2015-0819\", \"CVE-2015-0820\", \"CVE-2015-0821\", \"CVE-2015-0822\", \"CVE-2015-0823\", \"CVE-2015-0824\", \"CVE-2015-0825\", \"CVE-2015-0826\", \"CVE-2015-0827\", \"CVE-2015-0828\", \"CVE-2015-0829\", \"CVE-2015-0830\", \"CVE-2015-0831\", \"CVE-2015-0832\", \"CVE-2015-0833\", \"CVE-2015-0834\", \"CVE-2015-0835\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-01\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/firefox\", unaffected: make_list(\"ge 31.5.3\"), vulnerable: make_list(\"lt 31.5.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/firefox-bin\", unaffected: make_list(\"ge 31.5.3\"), vulnerable: make_list(\"lt 31.5.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird\", unaffected: make_list(\"ge 31.5.0\"), vulnerable: make_list(\"lt 31.5.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird-bin\", unaffected: make_list(\"ge 31.5.0\"), vulnerable: make_list(\"lt 31.5.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/seamonkey\", unaffected: make_list(\"ge 2.33.1\"), vulnerable: make_list(\"lt 2.33.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/seamonkey-bin\", unaffected: make_list(\"ge 2.33.1\"), vulnerable: make_list(\"lt 2.33.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/nspr\", unaffected: make_list(\"ge 4.10.6\"), vulnerable: make_list(\"lt 4.10.6\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5369"], "description": "Enigmail is an extension to the mail client Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG ", "modified": "2014-09-09T22:21:30", "published": "2014-09-09T22:21:30", "id": "FEDORA:B51AA22FE5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: thunderbird-enigmail-1.7.2-1.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5369"], "description": "Enigmail is an extension to the mail client Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG ", "modified": "2014-09-09T22:12:46", "published": "2014-09-09T22:12:46", "id": "FEDORA:0CD2E22029", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: thunderbird-enigmail-1.7.2-1.fc19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5369"], "description": "Enigmail is an extension to the mail client Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG ", "modified": "2014-09-23T04:28:59", "published": "2014-09-23T04:28:59", "id": "FEDORA:8C0C02216A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: thunderbird-enigmail-1.7.2-1.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:13:09", "description": "Upstream annoncement :\n\n - This is a bugfix release, fixing several major issues\n found in v1.7.\n\n - A security bug (CVE-2014-5369) has been fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-09-23T00:00:00", "title": "Fedora 21 : thunderbird-enigmail-1.7.2-1.fc21 (2014-9919)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5369"], "modified": "2014-09-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird-enigmail", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-9919.NASL", "href": "https://www.tenable.com/plugins/nessus/77800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9919.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77800);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5369\");\n script_bugtraq_id(69349);\n script_xref(name:\"FEDORA\", value:\"2014-9919\");\n\n script_name(english:\"Fedora 21 : thunderbird-enigmail-1.7.2-1.fc21 (2014-9919)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream annoncement :\n\n - This is a bugfix release, fixing several major issues\n found in v1.7.\n\n - A security bug (CVE-2014-5369) has been fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1133373\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138001.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3873ccfe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird-enigmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"thunderbird-enigmail-1.7.2-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird-enigmail\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:13:09", "description": "Upstream annoncement :\n\n - This is a bugfix release, fixing several major issues\n found in v1.7.\n\n - A security bug (CVE-2014-5369) has been fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-09-10T00:00:00", "title": "Fedora 19 : thunderbird-enigmail-1.7.2-1.fc19 (2014-9954)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5369"], "modified": "2014-09-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird-enigmail", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-9954.NASL", "href": "https://www.tenable.com/plugins/nessus/77595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9954.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77595);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5369\");\n script_bugtraq_id(69349);\n script_xref(name:\"FEDORA\", value:\"2014-9954\");\n\n script_name(english:\"Fedora 19 : thunderbird-enigmail-1.7.2-1.fc19 (2014-9954)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream annoncement :\n\n - This is a bugfix release, fixing several major issues\n found in v1.7.\n\n - A security bug (CVE-2014-5369) has been fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1133373\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137338.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08186f02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird-enigmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"thunderbird-enigmail-1.7.2-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird-enigmail\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:13:09", "description": "Upstream annoncement :\n\n - This is a bugfix release, fixing several major issues\n found in v1.7.\n\n - A security bug (CVE-2014-5369) has been fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-09-10T00:00:00", "title": "Fedora 20 : thunderbird-enigmail-1.7.2-1.fc20 (2014-9944)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5369"], "modified": "2014-09-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:thunderbird-enigmail", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9944.NASL", "href": "https://www.tenable.com/plugins/nessus/77594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9944.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77594);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5369\");\n script_bugtraq_id(69349);\n script_xref(name:\"FEDORA\", value:\"2014-9944\");\n\n script_name(english:\"Fedora 20 : thunderbird-enigmail-1.7.2-1.fc20 (2014-9944)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream annoncement :\n\n - This is a bugfix release, fixing several major issues\n found in v1.7.\n\n - A security bug (CVE-2014-5369) has been fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1133373\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137406.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5fab1f3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird-enigmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"thunderbird-enigmail-1.7.2-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird-enigmail\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:27:53", "description": "enigmail was updated to version 1.7.2 (bnc#893330)\n\n - bugfix release which contains several bugfixes including\n mail with only Bcc recipients sent in plain text\n (CVE-2014-5369)", "edition": 18, "published": "2014-09-09T00:00:00", "title": "openSUSE Security Update : enigmail (openSUSE-SU-2014:1096-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5369"], "modified": "2014-09-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:enigmail-debugsource", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:enigmail", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "id": "OPENSUSE-2014-529.NASL", "href": "https://www.tenable.com/plugins/nessus/77565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-529.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77565);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-5369\");\n\n script_name(english:\"openSUSE Security Update : enigmail (openSUSE-SU-2014:1096-1)\");\n script_summary(english:\"Check for the openSUSE-2014-529 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"enigmail was updated to version 1.7.2 (bnc#893330)\n\n - bugfix release which contains several bugfixes including\n mail with only Bcc recipients sent in plain text\n (CVE-2014-5369)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=893330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enigmail packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"enigmail-1.7.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"enigmail-debuginfo-1.7.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"enigmail-debugsource-1.7.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"enigmail-1.7.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"enigmail-debuginfo-1.7.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"enigmail-debugsource-1.7.2-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enigmail\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T11:04:35", "description": "The remote host is affected by the vulnerability described in GLSA-201504-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Firefox, Thunderbird,\n and SeaMonkey. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information, spoof\n the address bar, conduct clickjacking attacks, bypass security\n restrictions and protection mechanisms, or have other unspecified\n impact.\n \nWorkaround :\n\n There are no known workarounds at this time.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-04-08T00:00:00", "title": "GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "modified": "2015-04-08T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:nspr", "p-cpe:/a:gentoo:linux:thunderbird", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:thunderbird-bin", "p-cpe:/a:gentoo:linux:firefox-bin"], "id": "GENTOO_GLSA-201504-01.NASL", "href": "https://www.tenable.com/plugins/nessus/82632", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201504-01.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82632);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1741\", \"CVE-2013-2566\", \"CVE-2013-5590\", \"CVE-2013-5591\", \"CVE-2013-5592\", \"CVE-2013-5593\", \"CVE-2013-5595\", \"CVE-2013-5596\", \"CVE-2013-5597\", \"CVE-2013-5598\", \"CVE-2013-5599\", \"CVE-2013-5600\", \"CVE-2013-5601\", \"CVE-2013-5602\", \"CVE-2013-5603\", \"CVE-2013-5604\", \"CVE-2013-5605\", \"CVE-2013-5606\", \"CVE-2013-5607\", \"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2014-1477\", \"CVE-2014-1478\", \"CVE-2014-1479\", \"CVE-2014-1480\", \"CVE-2014-1481\", \"CVE-2014-1482\", \"CVE-2014-1483\", \"CVE-2014-1485\", \"CVE-2014-1486\", \"CVE-2014-1487\", \"CVE-2014-1488\", \"CVE-2014-1489\", \"CVE-2014-1490\", \"CVE-2014-1491\", \"CVE-2014-1492\", \"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\", \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\", \"CVE-2014-1518\", \"CVE-2014-1519\", \"CVE-2014-1520\", \"CVE-2014-1522\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1525\", \"CVE-2014-1526\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\", \"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1539\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\", \"CVE-2014-1543\", \"CVE-2014-1544\", \"CVE-2014-1545\", \"CVE-2014-1547\", \"CVE-2014-1548\", \"CVE-2014-1549\", \"CVE-2014-1550\", \"CVE-2014-1551\", \"CVE-2014-1552\", \"CVE-2014-1553\", \"CVE-2014-1554\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\", \"CVE-2014-1558\", \"CVE-2014-1559\", \"CVE-2014-1560\", \"CVE-2014-1561\", \"CVE-2014-1562\", \"CVE-2014-1563\", \"CVE-2014-1564\", \"CVE-2014-1565\", \"CVE-2014-1566\", \"CVE-2014-1567\", \"CVE-2014-1568\", \"CVE-2014-1574\", \"CVE-2014-1575\", \"CVE-2014-1576\", \"CVE-2014-1577\", \"CVE-2014-1578\", \"CVE-2014-1580\", \"CVE-2014-1581\", \"CVE-2014-1582\", \"CVE-2014-1583\", \"CVE-2014-1584\", \"CVE-2014-1585\", \"CVE-2014-1586\", \"CVE-2014-1587\", \"CVE-2014-1588\", \"CVE-2014-1589\", \"CVE-2014-1590\", \"CVE-2014-1591\", \"CVE-2014-1592\", \"CVE-2014-1593\", \"CVE-2014-1594\", \"CVE-2014-5369\", \"CVE-2014-8631\", \"CVE-2014-8632\", \"CVE-2014-8634\", \"CVE-2014-8635\", \"CVE-2014-8636\", \"CVE-2014-8637\", \"CVE-2014-8638\", \"CVE-2014-8639\", \"CVE-2014-8640\", \"CVE-2014-8641\", \"CVE-2014-8642\", \"CVE-2015-0817\", \"CVE-2015-0818\", \"CVE-2015-0819\", \"CVE-2015-0820\", \"CVE-2015-0821\", \"CVE-2015-0822\", \"CVE-2015-0823\", \"CVE-2015-0824\", \"CVE-2015-0825\", \"CVE-2015-0826\", \"CVE-2015-0827\", \"CVE-2015-0828\", \"CVE-2015-0829\", \"CVE-2015-0830\", \"CVE-2015-0831\", \"CVE-2015-0832\", \"CVE-2015-0833\", \"CVE-2015-0834\", \"CVE-2015-0835\", \"CVE-2015-0836\");\n script_xref(name:\"GLSA\", value:\"201504-01\");\n\n script_name(english:\"GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201504-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Firefox, Thunderbird,\n and SeaMonkey. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information, spoof\n the address bar, conduct clickjacking attacks, bypass security\n restrictions and protection mechanisms, or have other unspecified\n impact.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201504-01\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-31.5.3'\n All firefox-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-31.5.3'\n All thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-31.5.0'\n All thunderbird-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-31.5.0'\n All seamonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.33.1'\n All seamonkey-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.33.1'\n All nspr users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/nspr-4.10.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox Proxy Prototype Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/nspr\", unaffected:make_list(\"ge 4.10.6\"), vulnerable:make_list(\"lt 4.10.6\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 31.5.0\"), vulnerable:make_list(\"lt 31.5.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 31.5.0\"), vulnerable:make_list(\"lt 31.5.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 31.5.3\"), vulnerable:make_list(\"lt 31.5.3\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 31.5.3\"), vulnerable:make_list(\"lt 31.5.3\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 2.33.1\"), vulnerable:make_list(\"lt 2.33.1\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 2.33.1\"), vulnerable:make_list(\"lt 2.33.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Products\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "modified": "2015-04-08T00:00:00", "published": "2015-04-07T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
