ID OPENVAS:1361412562310871341 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2017-07-12T00:00:00
Description
Check the version of firefox
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for firefox RHSA-2015:0718-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.871341");
script_version("$Revision: 6689 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $");
script_tag(name:"creation_date", value:"2015-03-25 06:31:49 +0100 (Wed, 25 Mar 2015)");
script_cve_id("CVE-2015-0817", "CVE-2015-0818");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("RedHat Update for firefox RHSA-2015:0718-01");
script_tag(name: "summary", value: "Check the version of firefox");
script_tag(name: "vuldetect", value: "Get the installed version with the help of detect NVT and check if the version is vulnerable or not.");
script_tag(name: "insight", value: "Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Two flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2015-0817, CVE-2015-0818)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters
of these issues.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.5.3 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
");
script_tag(name: "affected", value: "firefox on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)");
script_tag(name: "solution", value: "Please Install the Updated Packages.");
script_xref(name: "RHSA", value: "2015:0718-01");
script_xref(name: "URL" , value: "https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_7")
{
if ((res = isrpmvuln(pkg:"firefox", rpm:"firefox~31.5.3~3.el7_1", rls:"RHENT_7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~31.5.3~3.el7_1", rls:"RHENT_7")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "RHENT_6")
{
if ((res = isrpmvuln(pkg:"firefox", rpm:"firefox~31.5.3~1.el6_6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~31.5.3~1.el6_6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"firefox", rpm:"firefox~31.5.3~1.el5_11", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~31.5.3~1.el5_11", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871341", "history": [{"lastseen": "2017-07-03T10:54:32", "differentElements": ["modified", "sourceData"], "edition": 2, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871341", "history": [], "naslFamily": "Red Hat Local Security Checks", "id": "OPENVAS:1361412562310871341", "title": "RedHat Update for firefox RHSA-2015:0718-01", "description": "Check the version of firefox", "published": "2015-03-25T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "pluginID", "hash": "96925d55518c3dad115a8f3bdb08ea1e"}, {"key": "cvelist", "hash": "0ed3708ae6e6fd21964b11319b8b26d1"}, {"key": "modified", "hash": "6d74d0dcf54910fae9bc80739b71f915"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "sourceData", "hash": "982be1a089cd0f74a0cdc6c4d2a9eb17"}, {"key": "published", "hash": "31b1f7b94ab9717a26f961ccc69d0519"}, {"key": "description", "hash": "a207fec9f7e55ca0c71a5bc91a8c0287"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "references", "hash": "75c5f3029058767b5bc6521f4b1595c3"}, {"key": "href", "hash": "c61c0ce3f6c48f49e9fc11c45632183d"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "title", "hash": "c4971189d526ce1191488aec874cb8ae"}], "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2015:0718-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871341\");\n script_version(\"$Revision: 6357 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-16 12:00:29 +0200 (Fri, 16 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-25 06:31:49 +0100 (Wed, 25 Mar 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2015:0718-01\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\");\n script_tag(name: \"affected\", value: \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:0718-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:redhat:enterprise_linux\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "1361412562310871341", "hash": "abba1d1c292aa3f6eb8834fcecb450118fc77642ea666fb1f7be0d53e6c6609e", "modified": "2017-06-16T00:00:00", "edition": 2, "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-07-03T10:54:32", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "objectVersion": "1.3", "references": ["2015:0718-01", "https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html"]}}, {"lastseen": "2017-07-02T21:12:16", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871341", "history": [], "naslFamily": "Red Hat Local Security Checks", "id": "OPENVAS:1361412562310871341", "title": "RedHat Update for firefox RHSA-2015:0718-01", "description": "Check the version of firefox", "published": "2015-03-25T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "pluginID", "hash": "96925d55518c3dad115a8f3bdb08ea1e"}, {"key": "cvelist", "hash": "0ed3708ae6e6fd21964b11319b8b26d1"}, {"key": "modified", "hash": "c40b903ef912c1c773edb1cd7cf44e35"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "published", "hash": "31b1f7b94ab9717a26f961ccc69d0519"}, {"key": "description", "hash": "a207fec9f7e55ca0c71a5bc91a8c0287"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "sourceData", "hash": "815ad5686964c1b795496f57b02cfec4"}, {"key": "references", "hash": "75c5f3029058767b5bc6521f4b1595c3"}, {"key": "href", "hash": "c61c0ce3f6c48f49e9fc11c45632183d"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "title", "hash": "c4971189d526ce1191488aec874cb8ae"}], "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2015:0718-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871341\");\n script_version(\"$Revision: 3338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-18 09:25:35 +0200 (Wed, 18 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-25 06:31:49 +0100 (Wed, 25 Mar 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2015:0718-01\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\");\n script_tag(name: \"affected\", value: \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:0718-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:redhat:enterprise_linux\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "1361412562310871341", "hash": "6548d2c1ed4113ba18abcfa51f6a69fd89aa86b5455d4243f2f56669e1aeaa72", "modified": "2016-05-18T00:00:00", "edition": 1, "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-07-02T21:12:16", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "objectVersion": "1.3", "references": ["2015:0718-01", "https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html"]}}], "naslFamily": "Red Hat Local Security Checks", "id": "OPENVAS:1361412562310871341", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-25T00:00:00", "description": "Check the version of firefox", "title": "RedHat Update for firefox RHSA-2015:0718-01", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2015:0718-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871341\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-25 06:31:49 +0100 (Wed, 25 Mar 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2015:0718-01\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\");\n script_tag(name: \"affected\", value: \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:0718-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~3.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~31.5.3~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "1361412562310871341", "hash": "85ad0ef5023fd6d46c3af59d8ad188116c9b5fceecf01fa6831616747d208056", "references": ["2015:0718-01", "https://www.redhat.com/archives/rhsa-announce/2015-March/msg00047.html"], "edition": 3, "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-07-27T10:53:13", "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "vulnersScore": 9.3}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "0ed3708ae6e6fd21964b11319b8b26d1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "a207fec9f7e55ca0c71a5bc91a8c0287"}, {"key": "href", "hash": "c61c0ce3f6c48f49e9fc11c45632183d"}, {"key": "modified", "hash": "602bced6320cec4ab33d131e0b746b65"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "96925d55518c3dad115a8f3bdb08ea1e"}, {"key": "published", "hash": "31b1f7b94ab9717a26f961ccc69d0519"}, {"key": "references", "hash": "75c5f3029058767b5bc6521f4b1595c3"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "1d4fcda7963dedbe41a7c83559f0a633"}, {"key": "title", "hash": "c4971189d526ce1191488aec874cb8ae"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-12T00:00:00"}
{"result": {"cve": [{"lastseen": "2017-04-18T15:55:59", "references": ["http://www.ubuntu.com/usn/USN-2538-1", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "http://www.mozilla.org/security/announce/2015/mfsa2015-28.html", "http://www.securitytracker.com/id/1031959", "http://rhn.redhat.com/errata/RHSA-2015-0718.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=1144988", "http://www.debian.org/security/2015/dsa-3201", "http://www.securityfocus.com/bid/73265", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html"], "edition": 2, "description": "Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.", "reporter": "NVD", "published": "2015-03-23T20:59:07", "title": "CVE-2015-0818", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0818"], "scanner": [], "modified": "2016-12-21T21:59:27", "cpe": ["cpe:/a:mozilla:firefox_esr:31.3.0", "cpe:/a:mozilla:firefox_esr:31.1", "cpe:/a:mozilla:firefox_esr:31.5", "cpe:/a:mozilla:seamonkey:2.33.0", "cpe:/a:mozilla:firefox_esr:31.5.2", "cpe:/a:mozilla:firefox_esr:31.1.1", "cpe:/a:mozilla:firefox_esr:31.3", "cpe:/a:mozilla:firefox_esr:31.4", "cpe:/a:mozilla:firefox:36.0.3", "cpe:/a:mozilla:firefox_esr:31.0", "cpe:/a:mozilla:firefox_esr:31.2", "cpe:/a:mozilla:firefox_esr:31.5.1", "cpe:/a:mozilla:firefox_esr:31.1.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0818", "id": "CVE-2015-0818", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:59", "references": ["http://www.ubuntu.com/usn/USN-2538-1", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "http://rhn.redhat.com/errata/RHSA-2015-0718.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=1145255", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html", "http://www.securityfocus.com/bid/73263", "http://www.debian.org/security/2015/dsa-3201", "http://www.securitytracker.com/id/1031958", "http://www.mozilla.org/security/announce/2015/mfsa2015-29.html", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html"], "edition": 2, "description": "The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.", "reporter": "NVD", "published": "2015-03-23T20:59:05", "title": "CVE-2015-0817", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0817"], "scanner": [], "modified": "2017-01-02T21:59:43", "cpe": ["cpe:/a:mozilla:firefox_esr:31.3.0", "cpe:/a:mozilla:firefox_esr:31.1", "cpe:/a:mozilla:firefox_esr:31.5", "cpe:/a:mozilla:seamonkey:2.33.0", "cpe:/a:mozilla:firefox_esr:31.1.1", "cpe:/a:mozilla:firefox_esr:31.3", "cpe:/a:mozilla:firefox_esr:31.4", "cpe:/a:mozilla:firefox_esr:31.0", "cpe:/a:mozilla:firefox_esr:31.2", "cpe:/a:mozilla:firefox_esr:31.5.1", "cpe:/a:mozilla:firefox:36.0.1", "cpe:/a:mozilla:firefox_esr:31.1.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0817", "id": "CVE-2015-0817", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:53:44", "references": ["http://www.securitytracker.com/id/1031959", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "pluginID": "1361412562310805515", "description": "This host is installed with Mozilla Firefox\n and is prone to privilege escalation vulnerability.", "edition": 2, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Mac OS X)", "type": "openvas", "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805515", "id": "OPENVAS:1361412562310805515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_priv_esc_vuln_mar15_macosx.nasl 6600 2017-07-07 09:58:31Z teissa $\n#\n# Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805515\");\n script_version(\"$Revision: 6600 $\");\n script_cve_id(\"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:58:31 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:36:15 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with Mozilla Firefox\n and is prone to privilege escalation vulnerability.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The flaw exists due to an error in\n docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and execute arbitrary scripts with the\n elevated privileges.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Mozilla Firefox before version 36.0.4 on\n Mac OS X\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Mozilla Firefox version 36.0.4\n or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031959\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nffVer = \"\";\n\n## Get version\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(version_is_less(version:ffVer, test_version:\"36.0.4\"))\n{\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: 36.0.4\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-23T14:40:32", "references": ["http://www.securitytracker.com/id/1031959", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "pluginID": "1361412562310805516", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to privilege escalation vulnerability.", "edition": 2, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "title": "Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2018-05-18T00:00:00", "id": "OPENVAS:1361412562310805516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_priv_esc_vuln_mar15_win.nasl 9910 2018-05-18 13:37:53Z cfischer $\n#\n# Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805516\");\n script_version(\"$Revision: 9910 $\");\n script_cve_id(\"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-18 15:37:53 +0200 (Fri, 18 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 13:32:25 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Windows)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with Mozilla Firefox\n ESR and is prone to privilege escalation vulnerability.\");\n\n script_tag(name: \"vuldetect\" , value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name: \"insight\" , value:\"The flaw exists due to an error in\n docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and execute arbitrary scripts with the\n elevated privileges.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Mozilla Firefox ESR 31.x before 31.5.3 on\n Windows\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Mozilla Firefox ESR version\n 31.5.3 or later, For updates refer to\n https://www.mozilla.org/en-US/firefox/organizations\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031959\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^(31)\\.\")\n{\n if((version_in_range(version:ffVer, test_version:\"31.0\", test_version2:\"31.5.2\")))\n {\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: ' + \"31.5.3\" + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-23T14:39:16", "references": ["http://www.securitytracker.com/id/1031959", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "pluginID": "1361412562310805514", "description": "This host is installed with Mozilla Firefox\n and is prone to privilege escalation vulnerability.", "edition": 2, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "title": "Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2018-05-18T00:00:00", "id": "OPENVAS:1361412562310805514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_priv_esc_vuln_mar15_win.nasl 9910 2018-05-18 13:37:53Z cfischer $\n#\n# Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805514\");\n script_version(\"$Revision: 9910 $\");\n script_cve_id(\"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-18 15:37:53 +0200 (Fri, 18 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 13:32:25 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Windows)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with Mozilla Firefox\n and is prone to privilege escalation vulnerability.\");\n\n script_tag(name: \"vuldetect\" , value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name: \"insight\" , value:\"The flaw exists due to an error in\n docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and execute arbitrary scripts with the\n elevated privileges.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Mozilla Firefox before version 36.0.4 on\n Windows\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Mozilla Firefox version 36.0.4\n or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031959\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"36.0.4\"))\n{\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: 36.0.4\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-11T10:52:08", "references": ["http://www.securitytracker.com/id/1031959", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "pluginID": "1361412562310805517", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to privilege escalation vulnerability.", "edition": 2, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Mac OS X)", "type": "openvas", "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2017-06-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805517", "id": "OPENVAS:1361412562310805517", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_priv_esc_vuln_mar15_macosx.nasl 6431 2017-06-26 09:59:24Z teissa $\n#\n# Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805517\");\n script_version(\"$Revision: 6431 $\");\n script_cve_id(\"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-26 11:59:24 +0200 (Mon, 26 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:45:08 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with Mozilla Firefox\n ESR and is prone to privilege escalation vulnerability.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The flaw exists due to an error in\n docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and execute arbitrary scripts with the\n elevated privileges.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Mozilla Firefox ESR 31.x before 31.5.3 on\n Mac OS X\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Mozilla Firefox ESR version\n 31.5.3 or later, For updates refer to\n https://www.mozilla.org/en-US/firefox/organizations\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031959\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nffVer = \"\";\n\n## Get version\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(ffVer =~ \"^(31)\\.\")\n{\n if((version_in_range(version:ffVer, test_version:\"31.0\", test_version2:\"31.5.2\")))\n {\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: ' + \"31.5.3\" + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:17:08", "references": ["2015:0636_1"], "pluginID": "1361412562310850646", "description": "Check the version of seamonkey", "edition": 3, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-01T00:00:00", "title": "SuSE Update for seamonkey openSUSE-SU-2015:0636-1 (seamonkey)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850646", "id": "OPENVAS:1361412562310850646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0636_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for seamonkey openSUSE-SU-2015:0636-1 (seamonkey)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850646\");\n script_version(\"$Revision: 8046 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-01 07:19:02 +0200 (Wed, 01 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for seamonkey openSUSE-SU-2015:0636-1 (seamonkey)\");\n script_tag(name: \"summary\", value: \"Check the version of seamonkey\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the\n help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\n The following vulnerabilities were fixed:\n\n * Privilege escalation through SVG navigation (CVE-2015-0818)\n * Code execution through incorrect JavaScript bounds checking elimination\n (CVE-2015-0817)\");\n script_tag(name: \"affected\", value: \"seamonkey on openSUSE 13.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"openSUSE-SU\", value: \"2015:0636_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-irc\", rpm:\"seamonkey-irc~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.33.1~53.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:12:21", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "pluginID": "1361412562310805512", "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Windows)", "type": "openvas", "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-05-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805512", "id": "OPENVAS:1361412562310805512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_win.nasl 6141 2017-05-17 09:03:37Z teissa $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805512\");\n script_version(\"$Revision: 6141 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-17 11:03:37 +0200 (Wed, 17 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 11:46:34 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Windows)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws are due to,\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"SeaMonkey version before 2.33.1 on Windows.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsmVer = \"\";\n\n## Get version\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:53:11", "references": ["http://linux.oracle.com/errata/ELSA-2015-0718.html"], "pluginID": "1361412562310123152", "description": "Oracle Linux Local Security Checks ELSA-2015-0718", "edition": 2, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Oracle Linux Local Check: ELSA-2015-0718", "type": "openvas", "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123152", "id": "OPENVAS:1361412562310123152", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-0718.nasl 6560 2017-07-06 11:58:38Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123152\");\nscript_version(\"$Revision: 6560 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:00:00 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:58:38 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-0718\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-0718 - firefox security update - [31.5.3-1.0.1.el5_11]- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files[31.5.3-1]- Update to 31.5.3 ESR[31.5.2-1]- Update to 31.5.2 ESR[31.5.1-1]- Update to 31.5.1 ESR\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-0718\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-0718.html\");\nscript_cve_id(\"CVE-2015-0817\",\"CVE-2015-0818\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~3.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:52:15", "references": ["2015:0718", "http://lists.centos.org/pipermail/centos-announce/2015-March/020994.html"], "pluginID": "1361412562310882133", "description": "Check the version of firefox", "edition": 3, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-26T00:00:00", "title": "CentOS Update for firefox CESA-2015:0718 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882133", "id": "OPENVAS:1361412562310882133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2015:0718 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882133\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-26 05:47:22 +0100 (Thu, 26 Mar 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2015:0718 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\");\n script_tag(name: \"affected\", value: \"firefox on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0718\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-March/020994.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~31.5.3~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:11:38", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "pluginID": "1361412562310805513", "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "type": "openvas", "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-06-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "id": "OPENVAS:1361412562310805513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 6329 2017-06-13 15:39:42Z teissa $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 6329 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-13 17:39:42 +0200 (Tue, 13 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws are due to,\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsmVer = \"\";\n\n## Get version\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:16:15", "references": ["2015:0593_2"], "pluginID": "1361412562310850971", "description": "Check the version of MozillaFirefox", "edition": 3, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "SuSE Update for MozillaFirefox SUSE-SU-2015:0593-2 (MozillaFirefox)", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850971", "id": "OPENVAS:1361412562310850971", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0593_2.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for MozillaFirefox SUSE-SU-2015:0593-2 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850971\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 15:17:54 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox SUSE-SU-2015:0593-2 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n *\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitrary code execution on the local system.\n\n *\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n Security Issues:\n\n * CVE-2015-0817\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 \n * CVE-2015-0818\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:0593_2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~31.5.3esr~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~31.5.3esr~0.3.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES11.0SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~31.5.3esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~31.5.3esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdi": [{"lastseen": "2016-11-09T00:18:14", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1144988"], "edition": 2, "description": "This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of SVG format content navigation. By using a DOMAttrModified mutation event listener, an attacker can inject an arbitrary URL into the history, and cause Firefox to break the same-origin isolation policy.", "reporter": "Mariusz Mlynski", "published": "2015-04-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "(Pwn2Own) Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2015-0818"], "modified": "2015-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-108", "id": "ZDI-15-108", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:18:08", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1145255"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of heap access bounds checking. A specially crafted typed array can eliminate bounds checks for heap accesses. An attacker can leverage this vulnerability to execute code under the context of the current process.", "reporter": "i1xu1a", "published": "2015-04-03T00:00:00", "title": " (Pwn2Own) Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2015-0817"], "modified": "2015-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-109", "id": "ZDI-15-109", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-07-18T13:30:20", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "pluginID": "82039", "description": "The version of Mozilla Firefox ESR 31.x installed on the remote Windows host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "edition": 3, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_31_5_3_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82039);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2015-0818\");\n script_bugtraq_id(73265);\n\n script_name(english:\"Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by a\nprivilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR 31.x installed on the remote\nWindows host is prior to 31.5.3. It is, therefore, affected by a\nprivilege escalation vulnerability due to a flaw within\n'docshell/base/nsDocShell.cpp', which relates to SVG format content\nnavigation. A remote attacker can exploit this to bypass same-origin\npolicy protections, allowing a possible execution of arbitrary scripts\nin a privileged context.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox ESR 31.5.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'31.5.3', min:'31.0', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-18T14:16:52", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "pluginID": "82041", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "edition": 3, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "Firefox < 36.0.4 SVG Bypass Privilege Escalation", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_36_0_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82041", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82041);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2015-0818\");\n script_bugtraq_id(73265);\n\n script_name(english:\"Firefox < 36.0.4 SVG Bypass Privilege Escalation\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by a\nprivilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host is\nprior to 36.0.4. It is, therefore, affected by a privilege escalation\nvulnerability due to a flaw within 'docshell/base/nsDocShell.cpp',\nwhich relates to SVG format content navigation. A remote attacker can\nexploit this to bypass same-origin policy protections, allowing a\npossible execution of arbitrary scripts in a privileged context.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 36.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'36.0.4', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-15T04:20:35", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "pluginID": "82035", "description": "The version of Mozilla Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "edition": 3, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_31_5_3_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82035", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82035);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2015-0818\");\n script_bugtraq_id(73265);\n\n script_name(english:\"Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by a\nprivilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR 31.x installed on the remote Mac OS\nX host is prior to 31.5.3. It is, therefore, affected by a privilege\nescalation vulnerability due to a flaw within\n'docshell/base/nsDocShell.cpp', which relates to SVG format content\nnavigation. A remote attacker can exploit this to bypass same-origin\npolicy protections, allowing a possible execution of arbitrary scripts\nin a privileged context.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox ESR 31.5.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'31.5.3', min:'31.0', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-15T04:09:56", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "pluginID": "82037", "description": "The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "edition": 3, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_36_0_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82037);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2015-0818\");\n script_bugtraq_id(73265);\n\n script_name(english:\"Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by a\nprivilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Mac OS X host\nis prior to 36.0.4. It is, therefore, affected by a privilege\nescalation vulnerability due to a flaw within\n'docshell/base/nsDocShell.cpp', which relates to SVG format content\nnavigation. A remote attacker can exploit this to bypass same-origin\npolicy protections, allowing a possible execution of arbitrary scripts\nin a privileged context.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 36.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'36.0.4', severity:SECURITY_HOLE, xss:FALSE, xsrf:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:35:01", "references": ["https://www.redhat.com/security/data/cve/CVE-2015-0817.html", "http://rhn.redhat.com/errata/RHSA-2015-0718.html", "https://www.redhat.com/security/data/cve/CVE-2015-0818.html", "http://www.nessus.org/u?8b5eaff4"], "pluginID": "82067", "description": "Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "edition": 3, "reporter": "Tenable", "published": "2015-03-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2015:0718)", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "modified": "2017-01-06T00:00:00", "id": "REDHAT-RHSA-2015-0718.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0718. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82067);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/01/06 15:51:01 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_xref(name:\"RHSA\", value:\"2015:0718\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2015:0718)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.3 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-0817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-0818.html\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2015-0718.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0718\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-31.5.3-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-31.5.3-1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-31.5.3-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-31.5.3-1.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-31.5.3-3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-31.5.3-3.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-30T13:44:39", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "pluginID": "82042", "description": "The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to just-in-time compilation for JavaScript. A remote attacker, using a specially crafted web page, can exploit this to execute arbitrary code by reading and writing to memory. (CVE-2015-0817)\n\n - A privilege escalation vulnerability exists due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. (CVE-2015-0818)", "edition": 3, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "title": "SeaMonkey < 2.33.1 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_2_33_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82042);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_bugtraq_id(73263, 73265);\n\n script_name(english:\"SeaMonkey < 2.33.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of SeaMonkey.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla SeaMonkey installed on the remote host is prior\nto 2.33.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists due to an\n out-of-bounds error in typed array bounds checking\n within 'asmjs/AsmJSValidate.cpp', which relates to\n just-in-time compilation for JavaScript. A remote\n attacker, using a specially crafted web page, can\n exploit this to execute arbitrary code by reading and\n writing to memory. (CVE-2015-0817)\n\n - A privilege escalation vulnerability exists due to a\n flaw within 'docshell/base/nsDocShell.cpp', which\n relates to SVG format content navigation. A remote\n attacker can exploit this to bypass same-origin policy\n protections, allowing a possible execution of arbitrary\n scripts in a privileged context. (CVE-2015-0818)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.33.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.33.1', severity:SECURITY_HOLE, xss:FALSE, xsrf:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:38:43", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-March/004929.html", "https://oss.oracle.com/pipermail/el-errata/2015-March/004932.html", "https://oss.oracle.com/pipermail/el-errata/2015-March/004930.html"], "pluginID": "82065", "edition": 2, "description": "From Red Hat Security Advisory 2015:0718 :\n\nUpdated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "reporter": "Tenable", "published": "2015-03-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0718)", "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:7"], "modified": "2015-12-04T00:00:00", "id": "ORACLELINUX_ELSA-2015-0718.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0718 and \n# Oracle Linux Security Advisory ELSA-2015-0718 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82065);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/12/04 14:37:59 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_xref(name:\"RHSA\", value:\"2015:0718\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0718)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0718 :\n\nUpdated firefox packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 31.5.3 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004929.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004930.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004932.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-31.5.3-1.0.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-31.5.3-1.0.1.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-31.5.3-3.0.1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:42:00", "references": ["http://www.nessus.org/u?522d76ad"], "pluginID": "82264", "description": "Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "edition": 2, "reporter": "Tenable", "published": "2015-03-26T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64", "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "modified": "2015-04-05T00:00:00", "id": "SL_20150324_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82264", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82264);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/05 04:38:20 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=1780\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?522d76ad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-31.5.3-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-31.5.3-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-31.5.3-1.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-31.5.3-1.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-31.5.3-3.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-31.5.3-3.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:36:48", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=923534", "http://www.mozilla.org/security/announce/2015/mfsa2015-28.html", "http://support.novell.com/security/cve/CVE-2015-0818.html", "http://support.novell.com/security/cve/CVE-2015-0817.html", "http://www.mozilla.org/security/announce/2015/mfsa2015-29.html"], "pluginID": "82068", "description": "Mozilla Firefox was updated to the 31.5.3ESR release to fix two security vulnerabilities :\n\n - Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system. (MFSA 2015-29 / CVE-2015-0817)\n\n - Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. (MFSA 2015-28 / CVE-2015-0818)", "edition": 2, "reporter": "Tenable", "published": "2015-03-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "nessus", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox"], "modified": "2015-04-05T00:00:00", "id": "SUSE_11_FIREFOX-20150323-150324.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82068", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82068);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/05 04:38:20 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n\n script_name(english:\"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 31.5.3ESR release to fix two\nsecurity vulnerabilities :\n\n - Security researcher ilxu1a reported, through HP Zero Day\n Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in\n JavaScript just-in-time compilation (JIT) and its\n management of bounds checking for heap access. This flaw\n can be leveraged into the reading and writing of memory\n allowing for arbitary code execution on the local\n system. (MFSA 2015-29 / CVE-2015-0817)\n\n - Security researcher Mariusz Mlynski reported, through HP\n Zero Day Initiative's Pwn2Own contest, a method to run\n arbitrary scripts in a privileged context. This bypassed\n the same-origin policy protections by using a flaw in\n the processing of SVG format content navigation. (MFSA\n 2015-28 / CVE-2015-0818)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2015/mfsa2015-28.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2015/mfsa2015-29.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=923534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0818.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10524.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-31.5.3esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-translations-31.5.3esr-0.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:33:10", "references": [], "pluginID": "82022", "description": "A flaw was discovered in the implementation of typed array bounds checking in the JavaScript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "reporter": "Tenable", "published": "2015-03-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2538-1)", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "modified": "2016-05-24T00:00:00", "id": "UBUNTU_USN-2538-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2538-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82022);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/05/24 17:37:08 $\");\n\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_bugtraq_id(73263, 73265);\n script_xref(name:\"USN\", value:\"2538-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2538-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the implementation of typed array bounds\nchecking in the JavaScript just-in-time compilation. If a user were\ntricked in to opening a specially crafted website, an attacked could\nexploit this to execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format\ncontent navigation. If a user were tricked in to opening a specially\ncrafted website, an attacker could exploit this to run arbitrary\nscript in a privileged context. (CVE-2015-0818).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"36.0.4+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"36.0.4+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"firefox\", pkgver:\"36.0.4+build1-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:48", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1144988"], "edition": 1, "description": "Security researcher Mariusz Mlynski reported, through HP\nZero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by using a\nflaw in the processing of SVG format content navigation.\n\nAn incomplete version of this fix was shipped in Firefox 36.0.3\nand Firefox ESR 31.5.2.", "reporter": "Mozilla Foundation", "published": "2015-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "mozilla", "title": "Privilege escalation through SVG navigation", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.33.1", "operator": "lt"}, {"name": "Firefox ESR", "version": "31.5.3", "operator": "lt"}, {"name": "Firefox", "version": "36.0.4", "operator": "lt"}], "cvelist": ["CVE-2015-0818"], "modified": "2015-03-20T00:00:00", "id": "MFSA2015-28", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-28/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:51", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1145255"], "description": "Security researcher ilxu1a reported, through HP Zero Day\nInitiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its management\nof bounds checking for heap access. This flaw can be leveraged into the reading\nand writing of memory allowing for arbitary code execution on the local system.", "edition": 1, "reporter": "Mozilla Foundation", "published": "2015-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "mozilla", "title": "Code execution through incorrect JavaScript bounds checking elimination", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.33.1", "operator": "lt"}, {"name": "Firefox ESR", "version": "31.5.2", "operator": "lt"}, {"name": "Firefox", "version": "36.0.3", "operator": "lt"}], "cvelist": ["CVE-2015-0817"], "modified": "2015-03-20T00:00:00", "id": "MFSA2015-29", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-29/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-04-10T05:09:01", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0718.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "31.5.3-3.el7.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "31.5.3-3.el7.centos", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "31.5.3-3.el7.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7.centos.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0718\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021044.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0718.html", "edition": 5, "reporter": "CentOS Project", "published": "2015-04-01T04:07:06", "title": "firefox security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-04-01T04:07:06", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021044.html", "id": "CESA-2015:0718", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-07-10T14:43:33", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "31.5.3-3.ael7b_1", "arch": "ppc64le", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.ael7b_1.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "31.5.3-3.ael7b_1", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.ael7b_1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-31.5.3-3.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "i386", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ia64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "31.5.3-1.el5_11", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "31.5.3-3.ael7b_1", "arch": "ppc64le", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.ael7b_1.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "31.5.3-3.el7_1", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-31.5.3-3.el7_1.x86_64.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.", "reporter": "RedHat", "published": "2015-03-24T13:55:07", "type": "redhat", "title": "(RHSA-2015:0718) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0817", "CVE-2015-0818"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-07-10T18:11:17", "id": "RHSA-2015:0718", "href": "https://access.redhat.com/errata/RHSA-2015:0718", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:19:43", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-all", "arch": "all", "packageFilename": "iceweasel-l10n-all_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-is", "arch": "all", "packageFilename": "iceweasel-l10n-is_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-en-gb", "arch": "all", "packageFilename": "iceweasel-l10n-en-gb_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-eo", "arch": "all", "packageFilename": "iceweasel-l10n-eo_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "xulrunner-17.0", "arch": "all", "packageFilename": "xulrunner-17.0_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-uk", "arch": "all", "packageFilename": "iceweasel-l10n-uk_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-af", "arch": "all", "packageFilename": "iceweasel-l10n-af_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "libmozjs-dev", "arch": "all", "packageFilename": "libmozjs-dev_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-id", "arch": "all", "packageFilename": "iceweasel-l10n-id_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ta-lk", "arch": "all", "packageFilename": "iceweasel-l10n-ta-lk_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-nl", "arch": "all", "packageFilename": "iceweasel-l10n-nl_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-sv-se", "arch": "all", "packageFilename": "iceweasel-l10n-sv-se_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "xulrunner-dev", "arch": "all", "packageFilename": "xulrunner-dev_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-zh-tw", "arch": "all", "packageFilename": "iceweasel-l10n-zh-tw_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-az", "arch": "all", "packageFilename": "iceweasel-l10n-az_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ja", "arch": "all", "packageFilename": "iceweasel-l10n-ja_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-hu", "arch": "all", "packageFilename": "iceweasel-l10n-hu_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-as", "arch": "all", "packageFilename": "iceweasel-l10n-as_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-mr", "arch": "all", "packageFilename": "iceweasel-l10n-mr_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-te", "arch": "all", "packageFilename": "iceweasel-l10n-te_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ca", "arch": "all", "packageFilename": "iceweasel-l10n-ca_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ms", "arch": "all", "packageFilename": "iceweasel-l10n-ms_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-pt-pt", "arch": "all", "packageFilename": "iceweasel-l10n-pt-pt_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-rm", "arch": "all", "packageFilename": "iceweasel-l10n-rm_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-eu", "arch": "all", "packageFilename": "iceweasel-l10n-eu_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-el", "arch": "all", "packageFilename": "iceweasel-l10n-el_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-dev", "arch": "all", "packageFilename": "iceweasel-dev_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-lv", "arch": "all", "packageFilename": "iceweasel-l10n-lv_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-pt-br", "arch": "all", "packageFilename": "iceweasel-l10n-pt-br_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-hi-in", "arch": "all", "packageFilename": "iceweasel-l10n-hi-in_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-bs", "arch": "all", "packageFilename": "iceweasel-l10n-bs_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-pa-in", "arch": "all", "packageFilename": "iceweasel-l10n-pa-in_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-fa", "arch": "all", "packageFilename": "iceweasel-l10n-fa_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-kk", "arch": "all", "packageFilename": "iceweasel-l10n-kk_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-mk", "arch": "all", "packageFilename": "iceweasel-l10n-mk_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-zh-cn", "arch": "all", "packageFilename": "iceweasel-l10n-zh-cn_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-csb", "arch": "all", "packageFilename": "iceweasel-l10n-csb_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-lij", "arch": "all", "packageFilename": "iceweasel-l10n-lij_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ar", "arch": "all", "packageFilename": "iceweasel-l10n-ar_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-gl", "arch": "all", "packageFilename": "iceweasel-l10n-gl_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-xh", "arch": "all", "packageFilename": "iceweasel-l10n-xh_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-uz", "arch": "all", "packageFilename": "iceweasel-l10n-uz_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ga-ie", "arch": "all", "packageFilename": "iceweasel-l10n-ga-ie_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ast", "arch": "all", "packageFilename": "iceweasel-l10n-ast_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-dsb", "arch": "all", "packageFilename": "iceweasel-l10n-dsb_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-lt", "arch": "all", "packageFilename": "iceweasel-l10n-lt_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-sr", "arch": "all", "packageFilename": "iceweasel-l10n-sr_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-gd", "arch": "all", "packageFilename": "iceweasel-l10n-gd_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-bg", "arch": "all", "packageFilename": "iceweasel-l10n-bg_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ro", "arch": "all", "packageFilename": "iceweasel-l10n-ro_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-fr", "arch": "all", "packageFilename": "iceweasel-l10n-fr_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-sk", "arch": "all", "packageFilename": "iceweasel-l10n-sk_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-or", "arch": "all", "packageFilename": "iceweasel-l10n-or_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ff", "arch": "all", "packageFilename": "iceweasel-l10n-ff_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "xulrunner-17.0-dbg", "arch": "all", "packageFilename": "xulrunner-17.0-dbg_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-th", "arch": "all", "packageFilename": "iceweasel-l10n-th_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-hsb", "arch": "all", "packageFilename": "iceweasel-l10n-hsb_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ko", "arch": "all", "packageFilename": "iceweasel-l10n-ko_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-km", "arch": "all", "packageFilename": "iceweasel-l10n-km_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-cs", "arch": "all", "packageFilename": "iceweasel-l10n-cs_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-es-cl", "arch": "all", "packageFilename": "iceweasel-l10n-es-cl_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-mai", "arch": "all", "packageFilename": "iceweasel-l10n-mai_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-de", "arch": "all", "packageFilename": "iceweasel-l10n-de_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-sl", "arch": "all", "packageFilename": "iceweasel-l10n-sl_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-gu-in", "arch": "all", "packageFilename": "iceweasel-l10n-gu-in_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-br", "arch": "all", "packageFilename": "iceweasel-l10n-br_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-cy", "arch": "all", "packageFilename": "iceweasel-l10n-cy_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-es-ar", "arch": "all", "packageFilename": "iceweasel-l10n-es-ar_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-es-mx", "arch": "all", "packageFilename": "iceweasel-l10n-es-mx_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ru", "arch": "all", "packageFilename": "iceweasel-l10n-ru_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel", "arch": "all", "packageFilename": "iceweasel_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ku", "arch": "all", "packageFilename": "iceweasel-l10n-ku_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-es-es", "arch": "all", "packageFilename": "iceweasel-l10n-es-es_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-nb-no", "arch": "all", "packageFilename": "iceweasel-l10n-nb-no_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ml", "arch": "all", "packageFilename": "iceweasel-l10n-ml_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-an", "arch": "all", "packageFilename": "iceweasel-l10n-an_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-he", "arch": "all", "packageFilename": "iceweasel-l10n-he_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-vi", "arch": "all", "packageFilename": "iceweasel-l10n-vi_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "libmozjs17d", "arch": "all", "packageFilename": "libmozjs17d_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-dbg", "arch": "all", "packageFilename": "iceweasel-dbg_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-en-za", "arch": "all", "packageFilename": "iceweasel-l10n-en-za_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-son", "arch": "all", "packageFilename": "iceweasel-l10n-son_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-pl", "arch": "all", "packageFilename": "iceweasel-l10n-pl_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-bn-in", "arch": "all", "packageFilename": "iceweasel-l10n-bn-in_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "spidermonkey-bin", "arch": "all", "packageFilename": "spidermonkey-bin_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-nso", "arch": "all", "packageFilename": "iceweasel-l10n-nso_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-kn", "arch": "all", "packageFilename": "iceweasel-l10n-kn_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-et", "arch": "all", "packageFilename": "iceweasel-l10n-et_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-bn-bd", "arch": "all", "packageFilename": "iceweasel-l10n-bn-bd_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-da", "arch": "all", "packageFilename": "iceweasel-l10n-da_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-si", "arch": "all", "packageFilename": "iceweasel-l10n-si_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ak", "arch": "all", "packageFilename": "iceweasel-l10n-ak_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-lg", "arch": "all", "packageFilename": "iceweasel-l10n-lg_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-fi", "arch": "all", "packageFilename": "iceweasel-l10n-fi_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-zu", "arch": "all", "packageFilename": "iceweasel-l10n-zu_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-be", "arch": "all", "packageFilename": "iceweasel-l10n-be_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ach", "arch": "all", "packageFilename": "iceweasel-l10n-ach_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "libmozjs17d-dbg", "arch": "all", "packageFilename": "libmozjs17d-dbg_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-ta", "arch": "all", "packageFilename": "iceweasel-l10n-ta_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-nn-no", "arch": "all", "packageFilename": "iceweasel-l10n-nn-no_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-tr", "arch": "all", "packageFilename": "iceweasel-l10n-tr_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-hy-am", "arch": "all", "packageFilename": "iceweasel-l10n-hy-am_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-it", "arch": "all", "packageFilename": "iceweasel-l10n-it_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-sq", "arch": "all", "packageFilename": "iceweasel-l10n-sq_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-hr", "arch": "all", "packageFilename": "iceweasel-l10n-hr_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "31.5.3esr-1~deb7u1", "packageName": "iceweasel-l10n-fy-nl", "arch": "all", "packageFilename": "iceweasel-l10n-fy-nl_31.5.3esr-1~deb7u1_all.deb", "operator": "lt"}], "edition": 1, "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2015-0817](<https://security-tracker.debian.org/tracker/CVE-2015-0817>)\n\nilxu1a reported a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system.\n\n * [CVE-2015-0818](<https://security-tracker.debian.org/tracker/CVE-2015-0818>)\n\nMariusz Mlynski discovered a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 31.5.3esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 31.5.3esr-1.\n\nWe recommend that you upgrade your iceweasel packages.", "reporter": "Debian", "published": "2015-03-22T00:00:00", "title": "iceweasel -- security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-22T00:00:00", "href": "http://www.debian.org/security/dsa-3201", "id": "DSA-3201", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:18:43", "references": ["https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-31.5.3esr-27.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-31.5.3esr-27.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "31.5.3esr-27.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-31.5.3esr-27.1.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through\n HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitary code execution on the local system.\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-30T19:04:59", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-30T19:04:59", "id": "SUSE-SU-2015:0630-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:33", "references": ["https://download.suse.com/patch/finder/?keywords=b6ab105b8070b709479f15ffdade4cf5", "https://download.suse.com/patch/finder/?keywords=d22145407e04e2836b7712bde079dc1b", "https://bugzilla.suse.com/923534", "https://download.suse.com/patch/finder/?keywords=46e1d668433ddb6f934feef219ec5983"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3esr-0.5.2.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "i586", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.5.2.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "s390x", "packageFilename": "MozillaFirefox-31.5.3esr-0.5.2.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "31.5.3esr-0.5.2", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.5.2.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-31.5.3esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "31.5.3esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}], "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n *\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitrary code execution on the local system.\n\n *\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n Security Issues:\n\n * CVE-2015-0817\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817</a>>\n * CVE-2015-0818\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-28T01:05:57", "title": "Security update for MozillaFirefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-28T01:05:57", "id": "SUSE-SU-2015:0593-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00034.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:40:21", "references": ["http://download.suse.com/patch/finder/?keywords=c769ca2ba75baf304d03ef988f02dabf", "https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-translations-31.5.3esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "31.5.3esr-0.8.1", "packageFilename": "MozillaFirefox-devel-31.5.3esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-devel", "arch": "ppc64", "operator": "lt"}], "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n *\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitary code execution on the local system.\n\n *\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n Security Issues:\n\n * CVE-2015-0817\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817</a>>\n * CVE-2015-0818\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-25T04:04:55", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "title": "Security update for Mozilla Firefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-25T04:04:55", "id": "SUSE-SU-2015:0593-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:27:16", "references": ["https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-debugsource-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-2.33.1-53.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-debuginfo-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-debugsource-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-debugsource-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-translations-common-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-debugsource-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-other-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-debuginfo-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-irc-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "i586", "packageFilename": "seamonkey-translations-other-2.33.1-53.1.i586.rpm", "packageName": "seamonkey-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-irc-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-irc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-2.33.1-17.1.i586.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "x86_64", "packageFilename": "seamonkey-translations-common-2.33.1-17.1.x86_64.rpm", "packageName": "seamonkey-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-debuginfo-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "2.33.1-17.1", "arch": "i586", "packageFilename": "seamonkey-dom-inspector-2.33.1-17.1.i586.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.33.1-53.1", "arch": "x86_64", "packageFilename": "seamonkey-debuginfo-2.33.1-53.1.x86_64.rpm", "packageName": "seamonkey-debuginfo", "operator": "lt"}], "description": "SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\n The following vulnerabilities were fixed:\n\n * Privilege escalation through SVG navigation (CVE-2015-0818)\n * Code execution through incorrect JavaScript bounds checking elimination\n (CVE-2015-0817)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-30T23:04:47", "title": "Security update for seamonkey (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-30T23:04:47", "id": "OPENSUSE-SU-2015:0636-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00036.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:18:23", "references": ["https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-18.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "36.0.4-18.1", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-36.0.4-18.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "36.0.4-63.1", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-36.0.4-63.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security\n issues found during Pwn2Own:\n\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n Als fixed were the following bugs:\n - Copy the icons to /usr/share/icons instead of symlinking them: in\n preparation for containerized apps (e.g. xdg-app) as well as AppStream\n metadata extraction, there are a couple locations that need to be real\n files for system integration (.desktop files, icons, mime-type info).\n\n - update to Firefox 36.0.1 Bugfixes:\n * Disable the usage of the ANY DNS query type (bmo#1093983)\n * Hello may become inactive until restart (bmo#1137469)\n * Print preferences may not be preserved (bmo#1136855)\n * Hello contact tabs may not be visible (bmo#1137141)\n * Accept hostnames that include an underscore character ("_")\n (bmo#1136616)\n * WebGL may use significant memory with Canvas2d (bmo#1137251)\n * Option -remote has been restored (bmo#1080319)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-26T08:04:49", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-26T08:04:49", "id": "OPENSUSE-SU-2015:0607-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00030.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:28:41", "references": ["https://bugzilla.suse.com/917597", "https://bugzilla.suse.com/923534"], "affectedPackage": [{"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-31.5.3-137.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "31.5.3-137.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-31.5.3-137.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}], "description": "Update to Firefox 31.5.3 (bnc#923534)\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n - update to Firefox 31.5.0esr (bnc#917597)\n * MFSA 2015-11/CVE-2015-0836 Miscellaneous memory safety hazards\n * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will\n load locally stored DLL files (Windows only)\n * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB\n * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write\n while rendering SVG content\n * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files\n through manipulation of form autocomplete\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-22T21:04:42", "title": "update to Firefox 31.5.3 (important)", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0831", "CVE-2015-0818", "CVE-2015-0817", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0833"], "modified": "2015-03-22T21:04:42", "id": "OPENSUSE-SU-2015:0567-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:20", "references": ["https://www.mozilla.org/security/advisories/mfsa2015-29/", "https://www.mozilla.org/security/advisories/mfsa2015-28/", "https://www.mozilla.org/security/advisories/"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "31.5.3", "packageName": "libxul", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "31.5.3,1", "packageName": "firefox-esr", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "36.0.4,1", "packageName": "linux-firefox", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "36.0.4,1", "packageName": "firefox", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.33.1", "packageName": "linux-seamonkey", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.33.1", "packageName": "seamonkey", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "\nThe Mozilla Project reports:\n\nMFSA-2015-28 Privilege escalation through SVG navigation\nMFSA-2015-29 Code execution through incorrect JavaScript\n\t bounds checking elimination\n\n", "reporter": "FreeBSD", "published": "2015-03-20T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-20T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html", "id": "76FF65F4-17CA-4D3F-864A-A3D6026194FB", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2016-09-04T11:16:41", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "x86_64", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "31.5.3-3.0.1.el7_1", "arch": "i686", "packageFilename": "firefox-31.5.3-3.0.1.el7_1.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "31.5.3-3.0.1.el7_1", "arch": "src", "packageFilename": "firefox-31.5.3-3.0.1.el7_1.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "src", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "x86_64", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "i386", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "31.5.3-1.0.1.el5_11", "arch": "i386", "packageFilename": "firefox-31.5.3-1.0.1.el5_11.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "i686", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "31.5.3-1.0.1.el6_6", "arch": "i686", "packageFilename": "firefox-31.5.3-1.0.1.el6_6.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "31.5.3-3.0.1.el7_1", "arch": "x86_64", "packageFilename": "firefox-31.5.3-3.0.1.el7_1.x86_64.rpm", "packageName": "firefox", "operator": "lt"}], "description": "[31.5.3-1.0.1.el5_11]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[31.5.3-1]\n- Update to 31.5.3 ESR\n[31.5.2-1]\n- Update to 31.5.2 ESR\n[31.5.1-1]\n- Update to 31.5.1 ESR", "edition": 1, "reporter": "Oracle", "published": "2015-03-24T00:00:00", "title": "firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "oraclelinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-24T00:00:00", "href": "http://linux.oracle.com/errata/ELSA-2015-0718.html", "id": "ELSA-2015-0718", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2018-07-06T07:33:07", "references": [], "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n03/20/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Mozilla products. By exploiting this vulnerability malicious users execute arbitrary code or gain privileges. This vulnerability can be exploited remotely via a SVG navigation or vectors related to Java-Script JIT.\n\n### *Affected products*:\nFirefox versions earlier than 36.0.4 \nFirefox ESR versions earlier than 31.5.3 \nSeaMonkey versions earlier than 2.33.1\n\n### *Solution*:\nUpdate to latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla SeaMonkey](<https://threats.kaspersky.com/en/product/Mozilla-SeaMonkey/>)\n\n### *CVE-IDS*:\n[CVE-2015-0817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817>) \n[CVE-2015-0818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818>)", "edition": 9, "reporter": "Kaspersky Lab", "published": "2015-03-20T00:00:00", "title": "\r KLA10477Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2018-07-05T00:00:00", "id": "KLA10477", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10477", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "36.0.3-1", "packageName": "firefox", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2015-0817 (arbitrary remote code execution):\n\nSecurity researcher ilxu1a reported, through HP Zero Day Initiative's\nPwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its\nmanagement of bounds checking for heap access. This flaw can be\nleveraged into the reading and writing of memory allowing for arbitary\ncode execution on the local system.\n\n- CVE-2015-0818 (same-origin policy bypass):\n\nSecurity researcher Mariusz Mlynski reported, through HP Zero Day\nInitiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by\nusing a flaw in the processing of SVG format content navigation.", "reporter": "Arch Linux", "published": "2015-03-21T00:00:00", "title": "firefox: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-21T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html", "id": "ASA-201503-21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:19:39", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0818", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0817"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "36.0.4+build1-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "36.0.4+build1-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "36.0.4+build1-0ubuntu0.14.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818)", "edition": 1, "reporter": "Ubuntu", "published": "2015-03-22T00:00:00", "type": "ubuntu", "title": "Firefox vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "modified": "2015-03-22T00:00:00", "href": "https://usn.ubuntu.com/2538-1/", "id": "USN-2538-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596", "https://bugs.gentoo.org/show_bug.cgi?id=541316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576", "https://bugs.gentoo.org/show_bug.cgi?id=512896", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616", "https://bugs.gentoo.org/show_bug.cgi?id=489796", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557", "https://bugs.gentoo.org/show_bug.cgi?id=509050", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612", "https://bugs.gentoo.org/show_bug.cgi?id=491234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485", "https://bugs.gentoo.org/show_bug.cgi?id=525474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562", "https://bugs.gentoo.org/show_bug.cgi?id=523652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585", "https://bugs.gentoo.org/show_bug.cgi?id=531408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578", "https://bugs.gentoo.org/show_bug.cgi?id=500320", "https://bugs.gentoo.org/show_bug.cgi?id=505072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496", "https://bugs.gentoo.org/show_bug.cgi?id=544056", "https://bugs.gentoo.org/show_bug.cgi?id=536564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553", "https://bugs.gentoo.org/show_bug.cgi?id=493850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519", "https://bugs.gentoo.org/show_bug.cgi?id=522020", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832", "https://bugs.gentoo.org/show_bug.cgi?id=517876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.10.6", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/nspr", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey-bin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "reporter": "Gentoo Foundation", "published": "2015-04-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "modified": "2015-04-08T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
