CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64
2009-02-27T00:00:00
ID OPENVAS:1361412562310880052 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2018-04-06T00:00:00
Description
Check for the Version of seamonkey
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
Multiple flaws were found in the processing of malformed JavaScript
content. A web page containing such malicious content could cause SeaMonkey
to crash or, potentially, execute arbitrary code as the user running
SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
Several flaws were found in the way malformed web content was displayed. A
web page containing specially-crafted content could potentially trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-2800)
Two local file disclosure flaws were found in SeaMonkey. A web page
containing malicious content could cause SeaMonkey to reveal the contents
of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)
A flaw was found in the way a malformed .properties file was processed by
SeaMonkey. A malicious extension could read uninitialized memory, possibly
leaking sensitive data to the extension. (CVE-2008-2807)
A flaw was found in the way SeaMonkey escaped a listing of local file
names. If a user could be tricked into listing a local directory containing
malicious file names, arbitrary JavaScript could be run with the
permissions of the user running SeaMonkey. (CVE-2008-2808)
A flaw was found in the way SeaMonkey displayed information about
self-signed certificates. It was possible for a self-signed certificate to
contain multiple alternate name entries, which were not all displayed to
the user, allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809)
All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.";
tag_affected = "seamonkey on CentOS 4";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2008-July/015061.html");
script_oid("1.3.6.1.4.1.25623.1.0.880052");
script_version("$Revision: 9370 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name: "CESA", value: "2008:0547");
script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");
script_name( "CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64");
script_tag(name:"summary", value:"Check for the Version of seamonkey");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS4")
{
if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~16.3.el4.centos", rls:"CentOS4")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310880052", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64", "description": "Check for the Version of seamonkey", "published": "2009-02-27T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880052", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2008-July/015061.html", "2008:0547"], "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "lastseen": "2018-04-09T11:39:16", "viewCount": 0, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2018-04-09T11:39:16", "rev": 2}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2008:0549", "CESA-2008:0547-01", "CESA-2008:0547", "CESA-2008:0569"]}, {"type": "redhat", "idList": ["RHSA-2008:0569", "RHSA-2008:0547", "RHSA-2008:0549"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0569", "ELSA-2008-0547", "ELSA-2008-0549"]}, {"type": "openvas", "idList": ["OPENVAS:880261", "OPENVAS:860086", "OPENVAS:1361412562310870117", "OPENVAS:860439", "OPENVAS:1361412562310880194", "OPENVAS:880052", "OPENVAS:860834", "OPENVAS:1361412562310880094", "OPENVAS:1361412562310880039", "OPENVAS:860125"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2008-0547.NASL", "CENTOS_RHSA-2008-0569.NASL", "SL_20080702_SEAMONKEY_ON_SL3_X.NASL", "CENTOS_RHSA-2008-0547.NASL", "ORACLELINUX_ELSA-2008-0569.NASL", "ORACLELINUX_ELSA-2008-0549.NASL", "SL_20080702_FIREFOX_ON_SL4_X.NASL", "FEDORA_2008-6127.NASL", "REDHAT-RHSA-2008-0569.NASL", "CENTOS_RHSA-2008-0549.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M666EBQ2017025", "FEDORA:M666EDWG017042", "FEDORA:M666EBQ3017025", "FEDORA:M666EDWD017042", "FEDORA:M666EDWA017042", "FEDORA:M666EBPX017025", "FEDORA:503791AD4F2", "FEDORA:M666EDWY017042", "FEDORA:M666EFS5017063", "FEDORA:M666EBQ1017025"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1607-1:B84D2"]}, {"type": "cve", "idList": ["CVE-2008-0547"]}], "modified": "2018-04-09T11:39:16", "rev": 2}, "vulnersScore": 6.1}, "pluginID": "1361412562310880052", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Multiple flaws were found in the processing of malformed JavaScript\n content. A web page containing such malicious content could cause SeaMonkey\n to crash or, potentially, execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially-crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-2800)\n \n Two local file disclosure flaws were found in SeaMonkey. A web page\n containing malicious content could cause SeaMonkey to reveal the contents\n of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n \n A flaw was found in the way a malformed .properties file was processed by\n SeaMonkey. A malicious extension could read uninitialized memory, possibly\n leaking sensitive data to the extension. (CVE-2008-2807)\n \n A flaw was found in the way SeaMonkey escaped a listing of local file\n names. If a user could be tricked into listing a local directory containing\n malicious file names, arbitrary JavaScript could be run with the\n permissions of the user running SeaMonkey. (CVE-2008-2808)\n \n A flaw was found in the way SeaMonkey displayed information about\n self-signed certificates. It was possible for a self-signed certificate to\n contain multiple alternate name entries, which were not all displayed to\n the user, allowing them to mistakenly extend trust to an unknown site.\n (CVE-2008-2809)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-July/015061.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880052\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0547\");\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks", "immutableFields": []}
{"centos": [{"lastseen": "2019-12-20T18:25:53", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0569\n\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code as the user running\nFirefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially-crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the contents of\na local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed by\nFirefox. A malicious extension could read uninitialized memory, possibly\nleaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file names.\nIf a user could be tricked into listing a local directory containing\nmalicious file names, arbitrary JavaScript could be run with the\npermissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about self-signed\ncertificates. It was possible for a self-signed certificate to contain\nmultiple alternate name entries, which were not all displayed to the user,\nallowing them to mistakenly extend trust to an unknown site.\n(CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027112.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027113.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nfirefox\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\nyelp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0569.html", "edition": 3, "modified": "2008-07-06T14:53:42", "published": "2008-07-06T14:53:42", "href": "http://lists.centos.org/pipermail/centos-announce/2008-July/027112.html", "id": "CESA-2008:0569", "title": "devhelp, firefox, xulrunner, yelp security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0547-01\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause SeaMonkey\nto crash or, potentially, execute arbitrary code as the user running\nSeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially-crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the contents\nof a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed by\nSeaMonkey. A malicious extension could read uninitialized memory, possibly\nleaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory containing\nmalicious file names, arbitrary JavaScript could be run with the\npermissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed certificate to\ncontain multiple alternate name entries, which were not all displayed to\nthe user, allowing them to mistakenly extend trust to an unknown site.\n(CVE-2008-2809)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027102.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "modified": "2008-07-03T00:05:00", "published": "2008-07-03T00:05:00", "href": "http://lists.centos.org/pipermail/centos-announce/2008-July/027102.html", "id": "CESA-2008:0547-01", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:22", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0547\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause SeaMonkey\nto crash or, potentially, execute arbitrary code as the user running\nSeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially-crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the contents\nof a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed by\nSeaMonkey. A malicious extension could read uninitialized memory, possibly\nleaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory containing\nmalicious file names, arbitrary JavaScript could be run with the\npermissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed certificate to\ncontain multiple alternate name entries, which were not all displayed to\nthe user, allowing them to mistakenly extend trust to an unknown site.\n(CVE-2008-2809)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027094.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027095.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027098.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027099.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027104.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027106.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0547.html", "edition": 3, "modified": "2008-07-05T09:32:52", "published": "2008-07-02T19:43:27", "href": "http://lists.centos.org/pipermail/centos-announce/2008-July/027094.html", "id": "CESA-2008:0547", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T03:30:42", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0549\n\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code as the user running\nFirefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially-crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the contents of\na local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed by\nFirefox. A malicious extension could read uninitialized memory, possibly\nleaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file names.\nIf a user could be tricked into listing a local directory containing\nmalicious file names, arbitrary JavaScript could be run with the\npermissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about self-signed\ncertificates. It was possible for a self-signed certificate to contain\nmultiple alternate name entries, which were not all displayed to the user,\nallowing them to mistakenly extend trust to an unknown site.\n(CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027096.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027097.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027100.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027101.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027105.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027107.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0549.html", "edition": 5, "modified": "2008-07-05T09:33:44", "published": "2008-07-02T19:45:20", "href": "http://lists.centos.org/pipermail/centos-announce/2008-July/027096.html", "id": "CESA-2008:0549", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "SeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause SeaMonkey\nto crash or, potentially, execute arbitrary code as the user running\nSeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially-crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the contents\nof a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed by\nSeaMonkey. A malicious extension could read uninitialized memory, possibly\nleaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory containing\nmalicious file names, arbitrary JavaScript could be run with the\npermissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed certificate to\ncontain multiple alternate name entries, which were not all displayed to\nthe user, allowing them to mistakenly extend trust to an unknown site.\n(CVE-2008-2809)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n", "modified": "2019-03-22T23:43:08", "published": "2008-07-02T04:00:00", "id": "RHSA-2008:0547", "href": "https://access.redhat.com/errata/RHSA-2008:0547", "type": "redhat", "title": "(RHSA-2008:0547) Critical: seamonkey security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "Mozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code as the user running\nFirefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially-crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the contents of\na local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed by\nFirefox. A malicious extension could read uninitialized memory, possibly\nleaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file names.\nIf a user could be tricked into listing a local directory containing\nmalicious file names, arbitrary JavaScript could be run with the\npermissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about self-signed\ncertificates. It was possible for a self-signed certificate to contain\nmultiple alternate name entries, which were not all displayed to the user,\nallowing them to mistakenly extend trust to an unknown site.\n(CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package, which\ncontains backported patches that correct these issues.", "modified": "2017-09-08T12:05:19", "published": "2008-07-02T04:00:00", "id": "RHSA-2008:0549", "href": "https://access.redhat.com/errata/RHSA-2008:0549", "type": "redhat", "title": "(RHSA-2008:0549) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:05", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "Mozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code as the user running\nFirefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially-crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the contents of\na local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed by\nFirefox. A malicious extension could read uninitialized memory, possibly\nleaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file names.\nIf a user could be tricked into listing a local directory containing\nmalicious file names, arbitrary JavaScript could be run with the\npermissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about self-signed\ncertificates. It was possible for a self-signed certificate to contain\nmultiple alternate name entries, which were not all displayed to the user,\nallowing them to mistakenly extend trust to an unknown site.\n(CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages, which\ncontain backported patches that correct these issues.", "modified": "2017-09-08T11:52:57", "published": "2008-07-02T04:00:00", "id": "RHSA-2008:0569", "href": "https://access.redhat.com/errata/RHSA-2008:0569", "type": "redhat", "title": "(RHSA-2008:0569) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "devhelp:\n[0.12-17]\n- Rebuild against xulrunner\nfirefox:\n[3.0-2.0.1.el5]\n- Replaced the RedHat prefs and bookmarks with Oracle prefs and bookmarks\n- Add patch oracle-firefox-branding.patch\n[3.0-2]\n- Fixed firstrun homepage issue\n[3.0-1]\n- Update to Firefox 3 Final\nxulrunner:\n[1.9-1.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js\n[1.9-1]\n- Update to 1.9 final\nyelp:\n[2.16.0-19]\n- rebuild against xulrunner", "edition": 4, "modified": "2008-07-02T00:00:00", "published": "2008-07-02T00:00:00", "id": "ELSA-2008-0569", "href": "http://linux.oracle.com/errata/ELSA-2008-0569.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:40", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "[1.5.0.12-0.19.0.1.el4]\n- Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js\n[1.5.0.12-0.19.el4]\n- Respun for mozilla bugs #439035,#439735,#440308\n[1.5.0.12-0.18.el4]\n- Update patchset to fix regression as per 1.8.1.15", "edition": 4, "modified": "2008-07-02T00:00:00", "published": "2008-07-02T00:00:00", "id": "ELSA-2008-0549", "href": "http://linux.oracle.com/errata/ELSA-2008-0549.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "[1.0.9-16.3.0.1.el4_6]\n- Added mozilla-oracle-default-prefs.js, mozilla-oracle-default-bookmarks.html,\n and mozilla-home-page.patch\n[1.0.9-16.3.el4]\n- Ensure the correct headers are exported\n[1.0.9-16.2.el4]\n- Respun for mozilla bugs #439035,#439735,#440308\n[1.0.9-16.1.el4]\n- Update patchset to fix regression as per 1.8.1.15", "edition": 4, "modified": "2008-07-02T00:00:00", "published": "2008-07-02T00:00:00", "id": "ELSA-2008-0547", "href": "http://linux.oracle.com/errata/ELSA-2008-0547.html", "title": "seamonkey security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "An API document browser for GNOME 2. ", "modified": "2008-07-06T06:14:11", "published": "2008-07-06T06:14:11", "id": "FEDORA:M666EBPX017025", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: devhelp-0.16.1-8.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. ", "modified": "2008-07-06T06:14:12", "published": "2008-07-06T06:14:12", "id": "FEDORA:M666EFS5017063", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: Miro-1.2.3-2.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applicati ons, including the file manager, to generate screenshots of web pages. ", "modified": "2008-07-06T06:14:11", "published": "2008-07-06T06:14:11", "id": "FEDORA:M666EBQ2017025", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-11.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. ", "modified": "2008-07-09T02:47:28", "published": "2008-07-09T02:47:28", "id": "FEDORA:976131AD4F2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: seamonkey-1.1.10-1.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software. ", "modified": "2008-07-06T06:14:11", "published": "2008-07-06T06:14:11", "id": "FEDORA:M666EBQ0017025", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gtkmozembedmm-1.4.2.cvs20060817-21.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2008-07-06T06:14:12", "published": "2008-07-06T06:14:12", "id": "FEDORA:M666EDWF017042", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: firefox-2.0.0.15-1.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. ", "modified": "2008-07-09T02:45:49", "published": "2008-07-09T02:45:49", "id": "FEDORA:503791AD4F2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: seamonkey-1.1.10-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "epiphany is a simple GNOME web browser based on the Mozilla rendering engine. ", "modified": "2008-07-06T06:14:11", "published": "2008-07-06T06:14:11", "id": "FEDORA:M666EDWY017042", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: epiphany-2.20.3-5.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. If you want to use WebKit for HTML rendering engine, install \"kazehakase-webkit\" rpm instead. ", "modified": "2008-07-06T06:14:11", "published": "2008-07-06T06:14:11", "id": "FEDORA:M666EBQ3017025", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: kazehakase-0.5.4-2.fc8.2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"], "description": "A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great peopl e. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then r ead and display them. The extracted files could be found in $HOME/.chmsee/books helf directory. You can clean those files at any time and there is a special con fig option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. ", "modified": "2008-07-06T06:14:12", "published": "2008-07-06T06:14:12", "id": "FEDORA:M666EDWD017042", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: chmsee-1.0.0-2.31.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:57:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of yelp", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860086", "href": "http://plugins.openvas.org/nasl.php?oid=860086", "type": "openvas", "title": "Fedora Update for yelp FEDORA-2008-6127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for yelp FEDORA-2008-6127\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"yelp on Fedora 8\";\ntag_insight = \"Yelp is the Gnome 2 help/documentation browser. It is designed\n to help you browse all the documentation on your system in\n one central tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00197.html\");\n script_id(860086);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-6127\");\n script_cve_id(\"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2811\", \"CVE-2008-2800\", \"CVE-2008-2805\", \"CVE-2008-2810\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\");\n script_name( \"Fedora Update for yelp FEDORA-2008-6127\");\n\n script_summary(\"Check for the Version of yelp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.20.0~10.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of gnome-web-photo", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860439", "href": "http://plugins.openvas.org/nasl.php?oid=860439", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2008-6127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-web-photo FEDORA-2008-6127\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-web-photo on Fedora 8\";\ntag_insight = \"gnome-web-photo contains a thumbnailer that will be used by GNOME applications,\n including the file manager, to generate screenshots of web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00198.html\");\n script_id(860439);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-6127\");\n script_cve_id(\"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2811\", \"CVE-2008-2800\", \"CVE-2008-2805\", \"CVE-2008-2810\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\");\n script_name( \"Fedora Update for gnome-web-photo FEDORA-2008-6127\");\n\n script_summary(\"Check for the Version of gnome-web-photo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-web-photo\", rpm:\"gnome-web-photo~0.3~11.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870077", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870077", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2008:0547-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0547-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Multiple flaws were found in the processing of malformed JavaScript\n content. A web page containing such malicious content could cause SeaMonkey\n to crash or, potentially, execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially-crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-2800)\n \n Two local file disclosure flaws were found in SeaMonkey. A web page\n containing malicious content could cause SeaMonkey to reveal the contents\n of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n \n A flaw was found in the way a malformed .properties file was processed by\n SeaMonkey. A malicious extension could read uninitialized memory, possibly\n leaking sensitive data to the extension. (CVE-2008-2807)\n \n A flaw was found in the way SeaMonkey escaped a listing of local file\n names. If a user could be tricked into listing a local directory containing\n malicious file names, arbitrary JavaScript could be run with the\n permissions of the user running SeaMonkey. (CVE-2008-2808)\n \n A flaw was found in the way SeaMonkey displayed information about\n self-signed certificates. It was possible for a self-signed certificate to\n contain multiple alternate name entries, which were not all displayed to\n the user, allowing them to mistakenly extend trust to an unknown site.\n (CVE-2008-2809)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870077\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0547-01\");\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0547-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.17.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~16.3.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880098", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0547 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0547 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Multiple flaws were found in the processing of malformed JavaScript\n content. A web page containing such malicious content could cause SeaMonkey\n to crash or, potentially, execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially-crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-2800)\n \n Two local file disclosure flaws were found in SeaMonkey. A web page\n containing malicious content could cause SeaMonkey to reveal the contents\n of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n \n A flaw was found in the way a malformed .properties file was processed by\n SeaMonkey. A malicious extension could read uninitialized memory, possibly\n leaking sensitive data to the extension. (CVE-2008-2807)\n \n A flaw was found in the way SeaMonkey escaped a listing of local file\n names. If a user could be tricked into listing a local directory containing\n malicious file names, arbitrary JavaScript could be run with the\n permissions of the user running SeaMonkey. (CVE-2008-2808)\n \n A flaw was found in the way SeaMonkey displayed information about\n self-signed certificates. It was possible for a self-signed certificate to\n contain multiple alternate name entries, which were not all displayed to\n the user, allowing them to mistakenly extend trust to an unknown site.\n (CVE-2008-2809)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-July/015060.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880098\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0547\");\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0547 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~16.3.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of firefox", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870008", "type": "openvas", "title": "RedHat Update for firefox RHSA-2008:0549-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2008:0549-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Multiple flaws were found in the processing of malformed JavaScript\n content. A web page containing such malicious content could cause Firefox\n to crash or, potentially, execute arbitrary code as the user running\n Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially-crafted content could potentially trick a\n Firefox user into surrendering sensitive information. (CVE-2008-2800)\n \n Two local file disclosure flaws were found in Firefox. A web page\n containing malicious content could cause Firefox to reveal the contents of\n a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n \n A flaw was found in the way a malformed .properties file was processed by\n Firefox. A malicious extension could read uninitialized memory, possibly\n leaking sensitive data to the extension. (CVE-2008-2807)\n \n A flaw was found in the way Firefox escaped a listing of local file names.\n If a user could be tricked into listing a local directory containing\n malicious file names, arbitrary JavaScript could be run with the\n permissions of the user running Firefox. (CVE-2008-2808)\n \n A flaw was found in the way Firefox displayed information about self-signed\n certificates. It was possible for a self-signed certificate to contain\n multiple alternate name entries, which were not all displayed to the user,\n allowing them to mistakenly extend trust to an unknown site.\n (CVE-2008-2809)\n \n All Mozilla Firefox users should upgrade to this updated package, which\n contains backported patches that correct these issues.\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870008\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0549-01\");\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_name( \"RedHat Update for firefox RHSA-2008:0549-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~1.5.0.12~0.19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of gnome-python2-extras", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860953", "href": "http://plugins.openvas.org/nasl.php?oid=860953", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2008-6127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2008-6127\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 8\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00208.html\");\n script_id(860953);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-6127\");\n script_cve_id(\"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2811\", \"CVE-2008-2800\", \"CVE-2008-2805\", \"CVE-2008-2810\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\");\n script_name( \"Fedora Update for gnome-python2-extras FEDORA-2008-6127\");\n\n script_summary(\"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.19.1~15.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of firefox", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880068", "href": "http://plugins.openvas.org/nasl.php?oid=880068", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0549 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0549 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Multiple flaws were found in the processing of malformed JavaScript\n content. A web page containing such malicious content could cause Firefox\n to crash or, potentially, execute arbitrary code as the user running\n Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially-crafted content could potentially trick a\n Firefox user into surrendering sensitive information. (CVE-2008-2800)\n \n Two local file disclosure flaws were found in Firefox. A web page\n containing malicious content could cause Firefox to reveal the contents of\n a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n \n A flaw was found in the way a malformed .properties file was processed by\n Firefox. A malicious extension could read uninitialized memory, possibly\n leaking sensitive data to the extension. (CVE-2008-2807)\n \n A flaw was found in the way Firefox escaped a listing of local file names.\n If a user could be tricked into listing a local directory containing\n malicious file names, arbitrary JavaScript could be run with the\n permissions of the user running Firefox. (CVE-2008-2808)\n \n A flaw was found in the way Firefox displayed information about self-signed\n certificates. It was possible for a self-signed certificate to contain\n multiple alternate name entries, which were not all displayed to the user,\n allowing them to mistakenly extend trust to an unknown site.\n (CVE-2008-2809)\n \n All Mozilla Firefox users should upgrade to this updated package, which\n contains backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-July/015062.html\");\n script_id(880068);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0549\");\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_name( \"CentOS Update for firefox CESA-2008:0549 centos4 i386\");\n\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.19.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of firefox", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880068", "type": "openvas", "title": "CentOS Update for firefox CESA-2008:0549 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2008:0549 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source Web browser.\n\n Multiple flaws were found in the processing of malformed JavaScript\n content. A web page containing such malicious content could cause Firefox\n to crash or, potentially, execute arbitrary code as the user running\n Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code as the user running Firefox.\n (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially-crafted content could potentially trick a\n Firefox user into surrendering sensitive information. (CVE-2008-2800)\n \n Two local file disclosure flaws were found in Firefox. A web page\n containing malicious content could cause Firefox to reveal the contents of\n a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n \n A flaw was found in the way a malformed .properties file was processed by\n Firefox. A malicious extension could read uninitialized memory, possibly\n leaking sensitive data to the extension. (CVE-2008-2807)\n \n A flaw was found in the way Firefox escaped a listing of local file names.\n If a user could be tricked into listing a local directory containing\n malicious file names, arbitrary JavaScript could be run with the\n permissions of the user running Firefox. (CVE-2008-2808)\n \n A flaw was found in the way Firefox displayed information about self-signed\n certificates. It was possible for a self-signed certificate to contain\n multiple alternate name entries, which were not all displayed to the user,\n allowing them to mistakenly extend trust to an unknown site.\n (CVE-2008-2809)\n \n All Mozilla Firefox users should upgrade to this updated package, which\n contains backported patches that correct these issues.\";\n\ntag_affected = \"firefox on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-July/015062.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880068\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0549\");\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_name( \"CentOS Update for firefox CESA-2008:0549 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~0.19.el4.centos\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of seamonkey", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880119", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0547 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0547 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Multiple flaws were found in the processing of malformed JavaScript\n content. A web page containing such malicious content could cause SeaMonkey\n to crash or, potentially, execute arbitrary code as the user running\n SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n \n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially-crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-2800)\n \n Two local file disclosure flaws were found in SeaMonkey. A web page\n containing malicious content could cause SeaMonkey to reveal the contents\n of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)\n \n A flaw was found in the way a malformed .properties file was processed by\n SeaMonkey. A malicious extension could read uninitialized memory, possibly\n leaking sensitive data to the extension. (CVE-2008-2807)\n \n A flaw was found in the way SeaMonkey escaped a listing of local file\n names. If a user could be tricked into listing a local directory containing\n malicious file names, arbitrary JavaScript could be run with the\n permissions of the user running SeaMonkey. (CVE-2008-2808)\n \n A flaw was found in the way SeaMonkey displayed information about\n self-signed certificates. It was possible for a self-signed certificate to\n contain multiple alternate name entries, which were not all displayed to\n the user, allowing them to mistakenly extend trust to an unknown site.\n (CVE-2008-2809)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-July/015056.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880119\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0547\");\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0547 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "Check for the Version of gtkmozembedmm", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860928", "href": "http://plugins.openvas.org/nasl.php?oid=860928", "type": "openvas", "title": "Fedora Update for gtkmozembedmm FEDORA-2008-6127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gtkmozembedmm FEDORA-2008-6127\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gtkmozembedmm on Fedora 8\";\ntag_insight = \"This package provides a C++/gtkmm wrapper for GtkMozEmbed\n from Mozilla 1.4.x to 1.7.x.\n The wrapper provides a convenient interface for C++ programmers\n to use the Gtkmozembed HTML-rendering widget inside their software.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00196.html\");\n script_id(860928);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-6127\");\n script_cve_id(\"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2811\", \"CVE-2008-2800\", \"CVE-2008-2805\", \"CVE-2008-2810\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\");\n script_name( \"Fedora Update for gtkmozembedmm FEDORA-2008-6127\");\n\n script_summary(\"Check for the Version of gtkmozembedmm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtkmozembedmm\", rpm:\"gtkmozembedmm~1.4.2.cvs20060817~21.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:25:21", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages,\nwhich contain backported patches that correct these issues.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : firefox (CESA-2008:0569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:devhelp-devel", "p-cpe:/a:centos:centos:xulrunner-devel", "p-cpe:/a:centos:centos:xulrunner-devel-unstable", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "p-cpe:/a:centos:centos:yelp", "p-cpe:/a:centos:centos:devhelp", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/43695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0569 and \n# CentOS Errata and Security Advisory 2008:0569 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43695);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0569\");\n\n script_name(english:\"CentOS 5 : firefox (CESA-2008:0569)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages,\nwhich contain backported patches that correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015074.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c06eea1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015075.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a89feaf2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"devhelp-0.12-17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"devhelp-devel-0.12-17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.0-2.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-unstable-1.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"yelp-2.16.0-19.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / firefox / xulrunner / xulrunner-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:10", "description": "An updated firefox package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package,\nwhich contains backported patches that correct these issues.", "edition": 27, "published": "2008-07-08T00:00:00", "title": "RHEL 4 : firefox (RHSA-2008:0549)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2008-07-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0549.NASL", "href": "https://www.tenable.com/plugins/nessus/33424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0549. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33424);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0549\");\n\n script_name(english:\"RHEL 4 : firefox (RHSA-2008:0549)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package,\nwhich contains backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0549\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0549\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.5.0.12-0.19.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:11", "description": "From Red Hat Security Advisory 2008:0569 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages,\nwhich contain backported patches that correct these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : firefox (ELSA-2008-0569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:yelp", "p-cpe:/a:oracle:linux:devhelp", "p-cpe:/a:oracle:linux:xulrunner-devel-unstable", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:devhelp-devel", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2008-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/67718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0569 and \n# Oracle Linux Security Advisory ELSA-2008-0569 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67718);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0569\");\n\n script_name(english:\"Oracle Linux 5 : firefox (ELSA-2008-0569)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0569 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages,\nwhich contain backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-July/000665.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"devhelp-0.12-17.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"devhelp-devel-0.12-17.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.0-2.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9-1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9-1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-unstable-1.9-1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"yelp-2.16.0-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / firefox / xulrunner / xulrunner-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:21", "description": "Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby SeaMonkey. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 27, "published": "2008-07-08T00:00:00", "title": "CentOS 3 / 4 : seamonkey (CESA-2008:0547)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2008-07-08T00:00:00", "cpe": ["p-cpe:/a:centos:centos:seamonkey-nspr-devel", "p-cpe:/a:centos:centos:seamonkey-mail", "p-cpe:/a:centos:centos:seamonkey-nss-devel", "p-cpe:/a:centos:centos:seamonkey-dom-inspector", "p-cpe:/a:centos:centos:seamonkey-chat", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:seamonkey-nss", "p-cpe:/a:centos:centos:seamonkey-nspr", "p-cpe:/a:centos:centos:seamonkey", "p-cpe:/a:centos:centos:seamonkey-js-debugger", "p-cpe:/a:centos:centos:seamonkey-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2008-0547.NASL", "href": "https://www.tenable.com/plugins/nessus/33399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0547 and \n# CentOS Errata and Security Advisory 2008:0547 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33399);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0547\");\n\n script_name(english:\"CentOS 3 / 4 : seamonkey (CESA-2008:0547)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby SeaMonkey. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015056.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfa95931\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015057.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e2c8baf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015060.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34695ef5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015061.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca81acd2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015066.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?218fda5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.20.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.20.el3.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-chat-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-devel-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-dom-inspector-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-js-debugger-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-mail-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-devel-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-1.0.9-16.3.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-devel-1.0.9-16.3.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:43:57", "description": "Multiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : firefox on SL 5.2 i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080702_FIREFOX_ON_SL_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/60434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60434);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL 5.2 i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=75\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f68ef96\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"devhelp-0.12-17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"devhelp-devel-0.12-17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-3.0-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nspr-4.7.1-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nspr-devel-4.7.1-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-3.12.0.3-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-devel-3.12.0.3-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-pkcs11-devel-3.12.0.3-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-tools-3.12.0.3-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-1.9-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-1.9-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-unstable-1.9-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"yelp-2.16.0-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:10", "description": "From Red Hat Security Advisory 2008:0549 :\n\nAn updated firefox package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package,\nwhich contains backported patches that correct these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : firefox (ELSA-2008-0549)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0549.NASL", "href": "https://www.tenable.com/plugins/nessus/67714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0549 and \n# Oracle Linux Security Advisory ELSA-2008-0549 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67714);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0549\");\n\n script_name(english:\"Oracle Linux 4 : firefox (ELSA-2008-0549)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0549 :\n\nAn updated firefox package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package,\nwhich contains backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-July/000662.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-1.5.0.12-0.19.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:43:57", "description": "Multiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby SeaMonkey. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080702_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60435);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby SeaMonkey. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=190\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fad7c633\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.20.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.20.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nspr-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nspr-devel-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nss-1.0.9-16.3.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-nss-devel-1.0.9-16.3.el4_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:10", "description": "Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby SeaMonkey. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 27, "published": "2008-07-08T00:00:00", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0547)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2008-07-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "cpe:/o:redhat:enterprise_linux:4.6", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector"], "id": "REDHAT-RHSA-2008-0547.NASL", "href": "https://www.tenable.com/plugins/nessus/33423", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0547. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33423);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0547\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0547)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nSeaMonkey to crash or, potentially, execute arbitrary code as the user\nrunning SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby SeaMonkey. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way SeaMonkey escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running SeaMonkey. (CVE-2008-2808)\n\nA flaw was found in the way SeaMonkey displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0547\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0547\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.17.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.17.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.20.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.20.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-devel-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-1.0.9-16.3.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-devel-1.0.9-16.3.el4_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:21", "description": "An updated firefox package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package,\nwhich contains backported patches that correct these issues.", "edition": 27, "published": "2008-07-08T00:00:00", "title": "CentOS 4 : firefox (CESA-2008:0549)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2008-07-08T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS_RHSA-2008-0549.NASL", "href": "https://www.tenable.com/plugins/nessus/33400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0549 and \n# CentOS Errata and Security Advisory 2008:0549 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33400);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0549\");\n\n script_name(english:\"CentOS 4 : firefox (CESA-2008:0549)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to this updated package,\nwhich contains backported patches that correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015062.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce8774ae\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015063.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?469ef019\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1c92b35\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"firefox-1.5.0.12-0.19.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:12", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages,\nwhich contain backported patches that correct these issues.", "edition": 27, "published": "2008-07-08T00:00:00", "title": "RHEL 5 : firefox (RHSA-2008:0569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2008-07-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:yelp", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "p-cpe:/a:redhat:enterprise_linux:devhelp-devel", "p-cpe:/a:redhat:enterprise_linux:devhelp"], "id": "REDHAT-RHSA-2008-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/33425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0569. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33425);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2798\", \"CVE-2008-2799\", \"CVE-2008-2800\", \"CVE-2008-2801\", \"CVE-2008-2802\", \"CVE-2008-2803\", \"CVE-2008-2805\", \"CVE-2008-2807\", \"CVE-2008-2808\", \"CVE-2008-2809\", \"CVE-2008-2810\", \"CVE-2008-2811\");\n script_bugtraq_id(30038);\n script_xref(name:\"RHSA\", value:\"2008:0569\");\n\n script_name(english:\"RHEL 5 : firefox (RHSA-2008:0569)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nMultiple flaws were found in the processing of malformed JavaScript\ncontent. A web page containing such malicious content could cause\nFirefox to crash or, potentially, execute arbitrary code as the user\nrunning Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a Firefox user into surrendering sensitive\ninformation. (CVE-2008-2800)\n\nTwo local file disclosure flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to reveal the\ncontents of a local file to a remote attacker. (CVE-2008-2805,\nCVE-2008-2810)\n\nA flaw was found in the way a malformed .properties file was processed\nby Firefox. A malicious extension could read uninitialized memory,\npossibly leaking sensitive data to the extension. (CVE-2008-2807)\n\nA flaw was found in the way Firefox escaped a listing of local file\nnames. If a user could be tricked into listing a local directory\ncontaining malicious file names, arbitrary JavaScript could be run\nwith the permissions of the user running Firefox. (CVE-2008-2808)\n\nA flaw was found in the way Firefox displayed information about\nself-signed certificates. It was possible for a self-signed\ncertificate to contain multiple alternate name entries, which were not\nall displayed to the user, allowing them to mistakenly extend trust to\nan unknown site. (CVE-2008-2809)\n\nAll Mozilla Firefox users should upgrade to these updated packages,\nwhich contain backported patches that correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0569\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel-unstable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0569\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-0.12-17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-devel-0.12-17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.0-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xulrunner-devel-unstable-1.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xulrunner-devel-unstable-1.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xulrunner-devel-unstable-1.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"yelp-2.16.0-19.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"yelp-2.16.0-19.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"yelp-2.16.0-19.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / firefox / xulrunner / xulrunner-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:19:10", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1607-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 11, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nwebbrowser, an unbranded version of the Firefox browser. The Common \nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-2798\n\n Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code.\n\nCVE-2008-2799\n\n Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the Javascript engine, which might allow the execution of arbitrary code.\n\nCVE-2008-2800\n\n "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.\n\nCVE-2008-2801\n\n Collin Jackson and Adam Barth discovered that Javascript code\n could be executed in the context or signed JAR archives.\n\nCVE-2008-2802\n\n "moz_bug_r_a4" discovered that XUL documements can escalate\n privileges by accessing the pre-compiled "fastload" file.\n\nCVE-2008-2803\n\n "moz_bug_r_a4" discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceweasel itself is not affected, but\n some addons are.\n\nCVE-2008-2805\n\n Claudio Santambrogio discovered that missing access validation in\n DOM parsing allows malicious web sites to force the browser to\n upload local files to the server, which could lead to information\n disclosure.\n\nCVE-2008-2807\n\n Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.\n\nCVE-2008-2808\n\n Masahiro Yamada discovered that file URLS in directory listings\n were insufficiently escaped.\n\nCVE-2008-2809\n\n John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofings secure connections.\n\nCVE-2008-2811\n\n Greg McManus discovered discovered a crash in the block reflow\n code, which might allow the execution of arbitrary code.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.15-0etch1.\n\nIceweasel from the unstable distribution (sid) links dynamically\nagainst the xulrunner library.\n\nWe recommend that you upgrade your iceweasel package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15.orig.tar.gz\n Size/MD5 checksum: 47244449 4fb7fdf128d5c8ce5e880510e58f5cfa\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1.dsc\n Size/MD5 checksum: 1289 f29a9bb4fd9f71d203de489050e1f5f5\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1.diff.gz\n Size/MD5 checksum: 186551 355acbaea7631bbfa0a1013902a7c82a\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.15-0etch1_all.deb\n Size/MD5 checksum: 55052 f166a298b2e71f4e478c01dc99e9601f\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.15-0etch1_all.deb\n Size/MD5 checksum: 239592 281c8418a4d86ab976acf4fd65033606\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.15-0etch1_all.deb\n Size/MD5 checksum: 54520 283777c2a1be7e90d85e7f900c085f40\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.15-0etch1_all.deb\n Size/MD5 checksum: 54262 06e72fcbbe44c5d4125137786dfb8011\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.15-0etch1_all.deb\n Size/MD5 checksum: 54260 cb6f4ccf969394a3f5b650fb0f8de834\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.15-0etch1_all.deb\n Size/MD5 checksum: 54376 fe9ef4ef5de1b277d8a532aeaaaf5581\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.15-0etch1_all.deb\n Size/MD5 checksum: 54412 2728ff70a7e5051d7dc5bb424ca17a79\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_amd64.deb\n Size/MD5 checksum: 50156300 9ab61c77c9b1bb6af19448d2300b3277\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_amd64.deb\n Size/MD5 checksum: 87772 a3c3f310edeba4b18dfbb8880c8d76f9\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_amd64.deb\n Size/MD5 checksum: 10202026 6017a343bcee74e5922218b25b00a9d9\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_hppa.deb\n Size/MD5 checksum: 50526254 29a44a85fd87708cc9c1f8a4bb10f346\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_hppa.deb\n Size/MD5 checksum: 11108034 8e9c155e5a4128bed37260c0ad7a0c1b\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_hppa.deb\n Size/MD5 checksum: 89312 1a2507f73581e80103806bda8c673abd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_i386.deb\n Size/MD5 checksum: 49553216 2f70c9f1fb5306d9f937613b3cc84cda\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_i386.deb\n Size/MD5 checksum: 81902 34948a1ed1b8558e0804860914cd0c72\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_i386.deb\n Size/MD5 checksum: 9117184 f77fc0ad893338c987f206101facd9f0\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_ia64.deb\n Size/MD5 checksum: 14150826 de782a5715826236aacf2311f43ef949\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_ia64.deb\n Size/MD5 checksum: 50499040 fe8b0f690dd078d0997b27ba36a0e510\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_ia64.deb\n Size/MD5 checksum: 100112 ab756247dd84e77695ff6b4dfab96cd3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_mips.deb\n Size/MD5 checksum: 11058248 30d13ac857eddbbeeb6d19fc2a4f9b75\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_mips.deb\n Size/MD5 checksum: 83040 07fc599646c9d80e43fe84e4509d34b7\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_mips.deb\n Size/MD5 checksum: 53950398 74967273393c4b168c101eae383577ff\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_mipsel.deb\n Size/MD5 checksum: 52499994 9c02fbe217402e9c00ef01fa103dc43d\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_mipsel.deb\n Size/MD5 checksum: 10759554 cd00c8429e986dc2399c60cd8c131b2a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_mipsel.deb\n Size/MD5 checksum: 83054 66561cb487daf2a9df80c8c1722fcce1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_powerpc.deb\n Size/MD5 checksum: 9935232 0d405869b71246057614dc440c2c685c\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_powerpc.deb\n Size/MD5 checksum: 83630 46e7175e4b0e1bf27a5254c7bc332eaa\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_powerpc.deb\n Size/MD5 checksum: 51949586 589452bc8022d7947522d4e596f6388a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_s390.deb\n Size/MD5 checksum: 88034 a29c5e9842d6704818cce57a3cb53d1e\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_s390.deb\n Size/MD5 checksum: 50828486 9f956f6e6a3a40ea666dc3b9bb4888db\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_s390.deb\n Size/MD5 checksum: 10359442 86e9bac75060c34d0c42826e38b0e6ae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_sparc.deb\n Size/MD5 checksum: 81748 6fc2cc53b1d64b48b24ab8b81c9027a4\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_sparc.deb\n Size/MD5 checksum: 49164610 e334feea6dd3c72cc2a49af2b3e25e33\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_sparc.deb\n Size/MD5 checksum: 9138482 2a301be276e18b5605454682b37ddefd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-07-11T16:12:02", "published": "2008-07-11T16:12:02", "id": "DEBIAN:DSA-1607-1:B84D2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00188.html", "title": "[SECURITY] [DSA 1607-1] New iceweasel packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2801", "CVE-2008-2799", "CVE-2008-2803", "CVE-2008-2807", "CVE-2008-2810", "CVE-2008-2805", "CVE-2008-2808", "CVE-2008-2800", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-2811", "CVE-2008-2798", "CVE-2008-2806"], "description": "Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-07-11T13:26:28", "published": "2008-07-11T13:26:28", "id": "SUSE-SA:2008:034", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html", "type": "suse", "title": "remote code execution in MozillaFirefox", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
