Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310880896
HistoryAug 09, 2011 - 12:00 a.m.

CentOS Update for seamonkey CESA-2009:1431 centos4 i386

2011-08-0900:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
21

6.6 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.906 High

EPSS

Percentile

98.8%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2009-September/016136.html");
  script_oid("1.3.6.1.4.1.25623.1.0.880896");
  script_version("2023-07-12T05:05:04+0000");
  script_tag(name:"last_modification", value:"2023-07-12 05:05:04 +0000 (Wed, 12 Jul 2023)");
  script_tag(name:"creation_date", value:"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name:"CESA", value:"2009:1431");
  script_cve_id("CVE-2009-2654", "CVE-2009-3072", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077");
  script_name("CentOS Update for seamonkey CESA-2009:1431 centos4 i386");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'seamonkey'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS4");
  script_tag(name:"affected", value:"seamonkey on CentOS 4");
  script_tag(name:"insight", value:"SeaMonkey is an open source Web browser, email and newsgroup client, IRC
  chat client, and HTML editor.

  Several flaws were found in the processing of malformed web content. A web
  page containing malicious content could cause SeaMonkey to crash or,
  potentially, execute arbitrary code with the privileges of the user running
  SeaMonkey. (CVE-2009-3072, CVE-2009-3075)

  A use-after-free flaw was found in SeaMonkey. An attacker could use this
  flaw to crash SeaMonkey or, potentially, execute arbitrary code with the
  privileges of the user running SeaMonkey. (CVE-2009-3077)

  Descriptions in the dialogs when adding and removing PKCS #11 modules were
  not informative. An attacker able to trick a user into installing a
  malicious PKCS #11 module could use this flaw to install their own
  Certificate Authority certificates on a user's machine, making it possible
  to trick the user into believing they are viewing a trusted site or,
  potentially, execute arbitrary code with the privileges of the user running
  SeaMonkey. (CVE-2009-3076)

  A flaw was found in the way SeaMonkey displays the address bar when
  window.open() is called in a certain way. An attacker could use this flaw
  to conceal a malicious URL, possibly tricking a user into believing they
  are viewing a trusted site. (CVE-2009-2654)

  All SeaMonkey users should upgrade to these updated packages, which correct
  these issues. After installing the update, SeaMonkey must be restarted for
  the changes to take effect.");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS4")
{

  if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~48.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~48.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~48.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~48.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~48.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~48.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

redhat 3
openvas 61
centos 3
oraclelinux 2
nessus 41
osv 2
debian 3
fedora 41
ubuntu 3
securityvulns 6
freebsd 2
mozilla 4
prion 5
ubuntucve 5
veracode 5
suse 1
checkpoint_advisories 2
cve 5
saint 4
zdi 1
redhat
redhat
(RHSA-2009:1431) Critical: seamonkey security update
2009-09-09 00:00:00
(RHSA-2009:1432) Critical: seamonkey security update
2009-09-09 00:00:00
(RHSA-2009:1430) Critical: firefox security update
2009-09-09 00:00:00
openvas
openvas
CentOS Update for seamonkey CESA-2009:1431 centos4 i386
2011-08-09 00:00:00
CentOS Security Advisory CESA-2009:1431 (seamonkey)
2009-09-15 00:00:00
RedHat Security Advisory RHSA-2009:1431
2009-09-15 00:00:00
centos
centos
seamonkey security update
2009-09-10 22:51:03
seamonkey security update
2009-09-10 11:03:30
firefox, nspr, xulrunner security update
2009-09-10 22:47:20
oraclelinux
oraclelinux
seamonkey security update
2009-09-10 00:00:00
firefox security update
2009-09-10 00:00:00
nessus
nessus
RHEL 4 : seamonkey (RHSA-2009:1431)
2009-09-10 00:00:00
Oracle Linux 3 : seamonkey (ELSA-2009-1432)
2013-07-12 00:00:00
CentOS 4 : seamonkey (CESA-2009:1431)
2009-09-11 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-09-14 00:00:00
icedove - several vulnerabilities
2010-03-31 00:00:00
debian
debian
[SECURITY] [DSA 1885-1] New xulrunner packages fix several vulnerabilities
2009-09-14 17:05:35
[SECURITY] [DSA 1873-1] New xulrunner packages fix spoofing vulnerabilities
2009-08-26 18:51:42
[SECURITY] [DSA 2025-1] New icedove packages fix several vulnerabilities
2010-03-31 08:41:27
fedora
fedora
[SECURITY] Fedora 10 Update: blam-1.8.5-14.fc10
2009-09-11 23:28:07
[SECURITY] Fedora 10 Update: perl-Gtk2-MozEmbed-0.08-6.fc10.5
2009-09-11 23:28:07
[SECURITY] Fedora 10 Update: xulrunner-1.9.0.14-1.fc10
2009-09-11 23:28:07
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-09-10 00:00:00
Thunderbird vulnerabilities
2010-03-18 00:00:00
Firefox and Xulrunner vulnerability
2009-08-08 00:00:00
securityvulns
securityvulns
Mozilla Firefox multiple security vulnerabilities
2009-09-11 00:00:00
Mozilla Foundation Security Advisory 2010-07
2010-04-06 00:00:00
Mozilla Foundation Security Advisory 2009-49
2009-09-10 00:00:00
freebsd
freebsd
mozilla firefox -- multiple vulnerabilities
2009-09-10 00:00:00
mozilla -- multiple vulnerabilities
2010-03-16 00:00:00
mozilla
mozilla
Fixes for potentially exploitable crashes ported to the legacy branch — Mozilla
2010-03-16 00:00:00
TreeColumns dangling pointer vulnerability — Mozilla
2009-09-09 00:00:00
Insufficient warning for PKCS11 module installation and removal — Mozilla
2009-09-09 00:00:00
prion
prion
Memory corruption
2009-09-10 21:30:00
Design/Logic Flaw
2009-09-10 21:30:00
Code injection
2009-09-10 21:30:00
ubuntucve
ubuntucve
CVE-2009-3072
2009-09-10 00:00:00
CVE-2009-3077
2009-09-10 00:00:00
CVE-2009-3076
2009-09-10 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:37:58
Unauthorized Installation Or Removal
2020-04-10 00:38:01
Remote Code Execution (RCE)
2020-04-10 00:38:02
suse
suse
remote code execution in MozillaFirefox
2009-10-20 17:59:46
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox PKCS11 Module Installation Code Execution (CVE-2009-3076)
2010-05-12 00:00:00
Mozilla Multiple Products JavaScript String Replace Buffer Overflow (CVE-2009-3075)
2010-05-26 00:00:00
cve
cve
CVE-2009-3072
2009-09-10 21:30:00
CVE-2009-3076
2009-09-10 21:30:00
CVE-2009-3077
2009-09-10 21:30:00
saint
saint
Mozilla Firefox PKCS11 Module Installation Code Execution
2009-09-24 00:00:00
Mozilla Firefox PKCS11 Module Installation Code Execution
2009-09-24 00:00:00
Mozilla Firefox PKCS11 Module Installation Code Execution
2009-09-24 00:00:00
zdi
zdi
Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
2009-09-10 00:00:00

6.6 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.906 High

EPSS

Percentile

98.8%

JSON
Related for OPENVAS:1361412562310880896
redhat3openvas61centos3oraclelinux2nessus41osv2debian3fedora41ubuntu3securityvulns6freebsd2mozilla4prion5ubuntucve5veracode5suse1checkpoint_advisories2cve5saint4zdi1