Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1048)

2020-01-23T00:00:00

Description

The remote host is missing an update for the Huawei EulerOS

{"id": "OPENVAS:1361412562311220171048", "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1048)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-01-23T00:00:00", "modified": "2020-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171048", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["2017-1048", "https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1048"], "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5428", "CVE-2017-5404", "CVE-2017-5402"], "lastseen": "2020-01-27T18:37:50", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201703-15", "ASA-201703-2", "ASA-201703-3"]}, {"type": "centos", "idList": ["CESA-2017:0459", "CESA-2017:0461", "CESA-2017:0498", "CESA-2017:0558"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0467", "CPAI-2018-0801"]}, {"type": "cve", "idList": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410", "CVE-2017-5428"]}, {"type": "debian", "idList": ["DEBIAN:DLA-852-1:E11AE", "DEBIAN:DLA-852-1:E6020", "DEBIAN:DLA-896-1:AEB5D", "DEBIAN:DSA-3805-1:73235", "DEBIAN:DSA-3832-1:2645B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5398", "DEBIANCVE:CVE-2017-5400", "DEBIANCVE:CVE-2017-5401", "DEBIANCVE:CVE-2017-5402", "DEBIANCVE:CVE-2017-5404", "DEBIANCVE:CVE-2017-5405", "DEBIANCVE:CVE-2017-5407", "DEBIANCVE:CVE-2017-5408", "DEBIANCVE:CVE-2017-5410", "DEBIANCVE:CVE-2017-5428"]}, {"type": "fedora", "idList": ["FEDORA:600E16075DAE", "FEDORA:974106070D38"]}, {"type": "freebsd", "idList": ["5F453B69-ABAB-4E76-B6E5-2ED0BAFCAEE3", "96ECA031-1313-4DAF-9BE2-9D6E1C4F1EB5"]}, {"type": "gentoo", "idList": ["GLSA-201705-06", "GLSA-201705-07"]}, {"type": "ibm", "idList": ["56C4DDBFFBFCB5FD1EB3D659ACD4BAD8BFCC757AA737E42F54F79E6BEC41F7CA"]}, {"type": "kaspersky", "idList": ["KLA10969", "KLA10970", "KLA10971", "KLA10994"]}, {"type": "mageia", "idList": ["MGASA-2017-0081", "MGASA-2017-0082", "MGASA-2018-0018"]}, {"type": "mozilla", "idList": ["MFSA2017-05", "MFSA2017-06", "MFSA2017-07", "MFSA2017-08", "MFSA2017-09"]}, {"type": "nessus", "idList": ["700012.PRM", "700013.PRM", "9986.PRM", "9987.PRM", "CENTOS_RHSA-2017-0459.NASL", "CENTOS_RHSA-2017-0461.NASL", "CENTOS_RHSA-2017-0498.NASL", "CENTOS_RHSA-2017-0558.NASL", "DEBIAN_DLA-852.NASL", "DEBIAN_DLA-896.NASL", "DEBIAN_DSA-3805.NASL", "DEBIAN_DSA-3832.NASL", "EULEROS_SA-2017-1047.NASL", "EULEROS_SA-2017-1048.NASL", "FEDORA_2017-9E1CCFE586.NASL", "FEDORA_2017-CD33654294.NASL", "FREEBSD_PKG_5F453B69ABAB4E76B6E52ED0BAFCAEE3.NASL", "FREEBSD_PKG_96ECA03113134DAF9BE29D6E1C4F1EB5.NASL", "GENTOO_GLSA-201705-06.NASL", "GENTOO_GLSA-201705-07.NASL", "MACOSX_FIREFOX_45_8_ESR.NASL", "MACOSX_FIREFOX_52.NASL", "MACOSX_FIREFOX_52_0_1.NASL", "MACOSX_FIREFOX_52_0_1_ESR.NASL", "MACOSX_THUNDERBIRD_45_8.NASL", "MOZILLA_FIREFOX_45_8_ESR.NASL", "MOZILLA_FIREFOX_52.NASL", "MOZILLA_FIREFOX_52_0_1.NASL", "MOZILLA_FIREFOX_52_0_1ESR.NASL", "MOZILLA_THUNDERBIRD_45_8.NASL", "NEWSTART_CGSL_NS-SA-2019-0103_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2019-0110_THUNDERBIRD.NASL", "OPENSUSE-2017-344.NASL", "OPENSUSE-2017-345.NASL", "OPENSUSE-2017-368.NASL", "OPENSUSE-2017-545.NASL", "ORACLELINUX_ELSA-2017-0459.NASL", "ORACLELINUX_ELSA-2017-0461.NASL", "ORACLELINUX_ELSA-2017-0498.NASL", "ORACLELINUX_ELSA-2017-0558.NASL", "REDHAT-RHSA-2017-0459.NASL", "REDHAT-RHSA-2017-0461.NASL", "REDHAT-RHSA-2017-0498.NASL", "REDHAT-RHSA-2017-0558.NASL", "SL_20170308_FIREFOX_ON_SL5_X.NASL", "SL_20170308_FIREFOX_ON_SL7_X.NASL", "SL_20170314_THUNDERBIRD_ON_SL5_X.NASL", "SL_20170317_FIREFOX_ON_SL7_X.NASL", "SUSE_SU-2017-0714-1.NASL", "SUSE_SU-2017-0732-1.NASL", "UBUNTU_USN-3216-1.NASL", "UBUNTU_USN-3216-2.NASL", "UBUNTU_USN-3233-1.NASL", "UBUNTU_USN-3238-1.NASL", "VIRTUOZZO_VZLSA-2017-0459.NASL", "VIRTUOZZO_VZLSA-2017-0461.NASL", "VIRTUOZZO_VZLSA-2017-0498.NASL", "VIRTUOZZO_VZLSA-2017-0558.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703805", "OPENVAS:1361412562310703832", "OPENVAS:1361412562310809312", "OPENVAS:1361412562310809348", "OPENVAS:1361412562310809808", "OPENVAS:1361412562310809882", "OPENVAS:1361412562310809887", "OPENVAS:1361412562310809899", "OPENVAS:1361412562310810819", "OPENVAS:1361412562310810820", "OPENVAS:1361412562310810821", "OPENVAS:1361412562310810822", "OPENVAS:1361412562310810837", "OPENVAS:1361412562310810838", "OPENVAS:1361412562310843080", "OPENVAS:1361412562310843100", "OPENVAS:1361412562310843109", "OPENVAS:1361412562310843122", "OPENVAS:1361412562310851523", "OPENVAS:1361412562310851526", "OPENVAS:1361412562310871770", "OPENVAS:1361412562310871771", "OPENVAS:1361412562310871772", "OPENVAS:1361412562310871774", "OPENVAS:1361412562310872521", "OPENVAS:1361412562310872528", "OPENVAS:1361412562310882675", "OPENVAS:1361412562310882676", "OPENVAS:1361412562310882677", "OPENVAS:1361412562310882679", "OPENVAS:1361412562310882680", "OPENVAS:1361412562310882681", "OPENVAS:1361412562310882683", "OPENVAS:1361412562310890852", "OPENVAS:1361412562310890896", "OPENVAS:1361412562311220171047", "OPENVAS:703805", "OPENVAS:703832"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0459", "ELSA-2017-0461", "ELSA-2017-0498", "ELSA-2017-0558", "ELSA-2017-1104", "ELSA-2018-2113", "ELSA-2018-2693", "ELSA-2019-3281", "ELSA-2019-4108", "ELSA-2020-0086", "ELSA-2020-0521", "ELSA-2020-0816", "ELSA-2020-1339", "ELSA-2020-1406", "ELSA-2020-1429", "ELSA-2020-2036", "ELSA-2020-2378"]}, {"type": "osv", "idList": ["OSV:DLA-852-1", "OSV:DLA-896-1", "OSV:DSA-3805-1", "OSV:DSA-3832-1"]}, {"type": "redhat", "idList": ["RHSA-2017:0459", "RHSA-2017:0461", "RHSA-2017:0498", "RHSA-2017:0558"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-5398", "RH:CVE-2017-5400", "RH:CVE-2017-5401", "RH:CVE-2017-5402", "RH:CVE-2017-5404", "RH:CVE-2017-5405", "RH:CVE-2017-5407", "RH:CVE-2017-5408", "RH:CVE-2017-5410", "RH:CVE-2017-5428"]}, {"type": "seebug", "idList": ["SSV:92853"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0690-1", "OPENSUSE-SU-2017:0765-1", "SUSE-SU-2017:0714-1", "SUSE-SU-2017:0732-1"]}, {"type": "ubuntu", "idList": ["USN-3216-1", "USN-3216-2", "USN-3233-1", "USN-3238-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5398", "UB:CVE-2017-5400", "UB:CVE-2017-5401", "UB:CVE-2017-5402", "UB:CVE-2017-5404", "UB:CVE-2017-5405", "UB:CVE-2017-5407", "UB:CVE-2017-5408", "UB:CVE-2017-5410", "UB:CVE-2017-5428"]}, {"type": "zdi", "idList": ["ZDI-17-234"]}, {"type": "zdt", "idList": ["1337DAY-ID-27356"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201703-15", "ASA-201703-2", "ASA-201703-3"]}, {"type": "centos", "idList": ["CESA-2017:0459", "CESA-2017:0461", "CESA-2017:0498", "CESA-2017:0558"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0801"]}, {"type": "cve", "idList": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410", "CVE-2017-5428"]}, {"type": "debian", "idList": ["DEBIAN:DLA-852-1:E6020", "DEBIAN:DLA-896-1:AEB5D", "DEBIAN:DSA-3805-1:73235", "DEBIAN:DSA-3832-1:2645B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5398", "DEBIANCVE:CVE-2017-5400", "DEBIANCVE:CVE-2017-5401", "DEBIANCVE:CVE-2017-5402", "DEBIANCVE:CVE-2017-5404", "DEBIANCVE:CVE-2017-5405", "DEBIANCVE:CVE-2017-5407", "DEBIANCVE:CVE-2017-5408", "DEBIANCVE:CVE-2017-5410", "DEBIANCVE:CVE-2017-5428"]}, {"type": "fedora", "idList": ["FEDORA:600E16075DAE", "FEDORA:974106070D38"]}, {"type": "freebsd", "idList": ["5F453B69-ABAB-4E76-B6E5-2ED0BAFCAEE3", "96ECA031-1313-4DAF-9BE2-9D6E1C4F1EB5"]}, {"type": "gentoo", "idList": ["GLSA-201705-06", "GLSA-201705-07"]}, {"type": "ibm", "idList": ["56C4DDBFFBFCB5FD1EB3D659ACD4BAD8BFCC757AA737E42F54F79E6BEC41F7CA"]}, {"type": "kaspersky", "idList": ["KLA10969", "KLA10970", "KLA10971", "KLA10994"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2017-5429/", "MSF:ILITIES/SUSE-CVE-2017-5433/", "MSF:ILITIES/SUSE-CVE-2017-5435/", "MSF:ILITIES/SUSE-CVE-2017-5438/", "MSF:ILITIES/SUSE-CVE-2017-5439/", "MSF:ILITIES/SUSE-CVE-2017-5440/", "MSF:ILITIES/SUSE-CVE-2017-5442/", "MSF:ILITIES/SUSE-CVE-2017-5445/", "MSF:ILITIES/SUSE-CVE-2017-5447/", "MSF:ILITIES/SUSE-CVE-2017-5464/", "MSF:ILITIES/SUSE-CVE-2017-5469/", "MSF:ILITIES/UBUNTU-CVE-2017-5429/", "MSF:ILITIES/UBUNTU-CVE-2017-5434/", "MSF:ILITIES/UBUNTU-CVE-2017-5440/", "MSF:ILITIES/UBUNTU-CVE-2017-5445/"]}, {"type": "mozilla", "idList": ["MFSA2017-05"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2017-0459.NASL", "CENTOS_RHSA-2017-0461.NASL", "CENTOS_RHSA-2017-0498.NASL", "CENTOS_RHSA-2017-0558.NASL", "DEBIAN_DLA-852.NASL", "DEBIAN_DLA-896.NASL", "DEBIAN_DSA-3805.NASL", "DEBIAN_DSA-3832.NASL", "EULEROS_SA-2017-1047.NASL", "EULEROS_SA-2017-1048.NASL", "FEDORA_2017-9E1CCFE586.NASL", "FEDORA_2017-CD33654294.NASL", "FREEBSD_PKG_5F453B69ABAB4E76B6E52ED0BAFCAEE3.NASL", "FREEBSD_PKG_96ECA03113134DAF9BE29D6E1C4F1EB5.NASL", "GENTOO_GLSA-201705-06.NASL", "GENTOO_GLSA-201705-07.NASL", "MOZILLA_FIREFOX_45_8_ESR.NASL", "MOZILLA_FIREFOX_52.NASL", "MOZILLA_FIREFOX_52_0_1.NASL", "MOZILLA_FIREFOX_52_0_1ESR.NASL", "MOZILLA_THUNDERBIRD_45_8.NASL", "OPENSUSE-2017-344.NASL", "OPENSUSE-2017-345.NASL", "OPENSUSE-2017-368.NASL", "OPENSUSE-2017-545.NASL", "ORACLELINUX_ELSA-2017-0459.NASL", "ORACLELINUX_ELSA-2017-0461.NASL", "ORACLELINUX_ELSA-2017-0498.NASL", "ORACLELINUX_ELSA-2017-0558.NASL", "REDHAT-RHSA-2017-0459.NASL", "REDHAT-RHSA-2017-0461.NASL", "REDHAT-RHSA-2017-0498.NASL", "REDHAT-RHSA-2017-0558.NASL", "SL_20170308_FIREFOX_ON_SL5_X.NASL", "SL_20170308_FIREFOX_ON_SL7_X.NASL", "SL_20170314_THUNDERBIRD_ON_SL5_X.NASL", "SL_20170317_FIREFOX_ON_SL7_X.NASL", "SUSE_SU-2017-0714-1.NASL", "SUSE_SU-2017-0732-1.NASL", "UBUNTU_USN-3216-2.NASL", "UBUNTU_USN-3233-1.NASL", "UBUNTU_USN-3238-1.NASL", "VIRTUOZZO_VZLSA-2017-0459.NASL", "VIRTUOZZO_VZLSA-2017-0461.NASL", "VIRTUOZZO_VZLSA-2017-0498.NASL", "VIRTUOZZO_VZLSA-2017-0558.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809312", "OPENVAS:1361412562310809348", "OPENVAS:1361412562310809808", "OPENVAS:1361412562310809882", "OPENVAS:1361412562310809887", "OPENVAS:1361412562310809899", "OPENVAS:1361412562310810819", "OPENVAS:1361412562310810820", "OPENVAS:1361412562310810821", "OPENVAS:1361412562310810822", "OPENVAS:1361412562310810837", "OPENVAS:1361412562310810838", "OPENVAS:1361412562310843100", "OPENVAS:1361412562310843109", "OPENVAS:1361412562310843122", "OPENVAS:1361412562310851523", "OPENVAS:1361412562310851526", "OPENVAS:1361412562310871770", "OPENVAS:1361412562310871771", "OPENVAS:1361412562310871772", "OPENVAS:1361412562310871774", "OPENVAS:1361412562310872521", "OPENVAS:1361412562310872528", "OPENVAS:1361412562310882675", "OPENVAS:1361412562310882676", "OPENVAS:1361412562310882677", "OPENVAS:1361412562310882679", "OPENVAS:1361412562310882680", "OPENVAS:1361412562310882681", "OPENVAS:1361412562310882683", "OPENVAS:703805", "OPENVAS:703832"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0459", "ELSA-2017-0461", "ELSA-2017-0498", "ELSA-2017-0558", "ELSA-2017-1104"]}, {"type": "redhat", "idList": ["RHSA-2017:0558"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-5398", "RH:CVE-2017-5400", "RH:CVE-2017-5401", "RH:CVE-2017-5402", "RH:CVE-2017-5404", "RH:CVE-2017-5405", "RH:CVE-2017-5407", "RH:CVE-2017-5408", "RH:CVE-2017-5410", "RH:CVE-2017-5428"]}, {"type": "seebug", "idList": ["SSV:92853"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0690-1", "OPENSUSE-SU-2017:0765-1", "SUSE-SU-2017:0714-1", "SUSE-SU-2017:0732-1"]}, {"type": "ubuntu", "idList": ["USN-3216-2", "USN-3238-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5398", "UB:CVE-2017-5400", "UB:CVE-2017-5401", "UB:CVE-2017-5402", "UB:CVE-2017-5404", "UB:CVE-2017-5405", "UB:CVE-2017-5407", "UB:CVE-2017-5408", "UB:CVE-2017-5410", "UB:CVE-2017-5428"]}, {"type": "zdi", "idList": ["ZDI-17-234"]}, {"type": "zdt", "idList": ["1337DAY-ID-27356"]}]}, "exploitation": null, "vulnersScore": 0.3}, "pluginID": "1361412562311220171048", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1048\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\", \"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1048)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1048\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1048\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1048 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405, CVE-2017-5428)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~5.0.1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659998956, "score": 1659983768}, "_internal": {"score_hash": "e307ab903628f30180a2b9a8d1a5b35b"}}

{"openvas": [{"lastseen": "2020-01-27T18:34:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5428", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171047", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1047\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\", \"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1047)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1047\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1047\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1047 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405, CVE-2017-5428)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~5.0.1.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:09:25", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, ASLR\nbypass, information disclosure or denial of service.", "cvss3": {}, "published": "2018-01-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for firefox-esr (DLA-852-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890852", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890852", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890852\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_name(\"Debian LTS: Security Advisory for firefox-esr (DLA-852-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00009.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n45.8.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, ASLR\nbypass, information disclosure or denial of service.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.8.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, ASLR\nbypass, information disclosure or denial of service.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3805-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703805", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3805.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3805-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703805\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_name(\"Debian Security Advisory DSA 3805-1 (firefox-esr - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 00:00:00 +0100 (Wed, 08 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3805.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 45.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.8.0esr-1 of firefox-esr and version 52.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, ASLR\nbypass, information disclosure or denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "Check the version of firefox", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:0459 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882675", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882675", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0459 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882675\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:01:08 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0459 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0459\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022326.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.8.0~2.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:0498 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882681", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882681", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:0498 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882681\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 09:11:21 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:0498 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0498\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022338.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.8.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:04:24", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-05_2017-07)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809899", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809899", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-05_2017-07)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809899\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\",\n\t\t\"CVE-2017-5407\", \"CVE-2017-5410\", \"CVE-2017-5398\", \"CVE-2017-5408\",\n\t\t\"CVE-2017-5405\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 11:16:50 +0530 (Wed, 08 Mar 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-05_2017-07)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The asm.js JIT-spray bypass of ASLR and DEP.\n\n - The memory Corruption when handling ErrorResult.\n\n - An use-after-free working with events in FontFace objects.\n\n - An use-after-free working with ranges in selections.\n\n - The pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - The memory corruption during JavaScript garbage collection incremental sweeping.\n\n - The file deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.\n\n - The cross-origin reading of video captions in violation of CORS.\n\n - The FTP response codes can cause use of uninitialized values for ports.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote to\n execute arbitrary code, to delete arbitrary files by leveraging certain local\n file execution, to obtain sensitive information, and to cause a denial of\n service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 45.8 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR 45.8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.8\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310809312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809312", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2017-05_2017-07_win.nasl 11888 2018-10-12 15:27:49Z cfischer $\n#\n# Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809312\");\n script_version(\"$Revision: 11888 $\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\",\n\t\t\"CVE-2017-5407\", \"CVE-2017-5410\", \"CVE-2017-5408\", \"CVE-2017-5405\",\n\t\t\"CVE-2017-5398\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 17:27:49 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 11:24:24 +0530 (Wed, 08 Mar 2017)\");\n script_name(\"Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - asm.js JIT-spray bypass of ASLR and DEP.\n\n - Memory Corruption when handling ErrorResult.\n\n - Use-after-free working with events in FontFace objects.\n\n - Use-after-free using addRange to add range to an incorrect root object.\n\n - Use-after-free working with ranges in selections.\n\n - Segmentation fault in Skia with canvas operations.\n\n - Pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - Memory corruption during JavaScript garbage collection incremental sweeping.\n\n - Use-after-free in Buffer Storage in libGLES.\n\n - File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.\n\n - Cross-origin reading of video captions in violation of CORS.\n\n - Buffer overflow read in SVG filters.\n\n - Segmentation fault during bidirectional operations.\n\n - File picker can choose incorrect default directory.\n\n - Addressbar spoofing through blob URL.\n\n - Null dereference crash in HttpChannel.\n\n - Addressbar spoofing by dragging and dropping URLs.\n\n - Overly permissive Gecko Media Plugin sandbox regular expression access.\n\n - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.\n\n - Non-existent chrome.manifest file loaded during startup.\n\n - Out of bounds read when parsing HTTP digest authorization responses.\n\n - Repeated authentication prompts lead to DOS attack.\n\n - Javascript: URLs can obfuscate addressbar location.\n\n - FTP response codes can cause use of uninitialized values for ports.\n\n - Print preview spoofing.\n\n - DOS attack by using view-source: protocol repeatedly in one hyperlink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, to delete arbitrary files by leveraging certain local\n file execution, to obtain sensitive information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 45.8 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird 45.8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.8\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "Check the version of firefox", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:0461 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882676", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882676", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0461 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882676\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:01:16 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0461 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0461\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022334.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~4.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2017:0461-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2017:0461-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871770\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:00:23 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2017:0461-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0461-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~4.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~52.0~4.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-14T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2017:0498-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871772", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871772", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2017:0498-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871772\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-14 18:29:05 +0100 (Tue, 14 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2017:0498-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0498-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.8.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~45.8.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:08", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:0498 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882680", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:0498 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882680\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 09:11:10 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:0498 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0498\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022340.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.8.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:57:35", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, ASLR\nbypass, information disclosure or denial of service.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3805-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703805", "href": "http://plugins.openvas.org/nasl.php?oid=703805", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3805.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3805-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703805);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_name(\"Debian Security Advisory DSA 3805-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-03-08 00:00:00 +0100 (Wed, 08 Mar 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3805.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible web browser with support for modern\nweb application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 45.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.8.0esr-1 of firefox-esr and version 52.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, ASLR\nbypass, information disclosure or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:33:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3233-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843109", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-3233-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843109\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-25 05:50:41 +0100 (Sat, 25 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3233-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n Thunderbird. If a user were tricked in to opening a specially crafted website in\n a browsing context, an attacker could potentially exploit these to bypass same\n origin restrictions, obtain sensitive information, cause a denial of service via\n application crash or hang, or execute arbitrary code. (CVE-2017-5398,\n CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405,\n CVE-2017-5407, CVE-2017-5408, CVE-2017-5410)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3233-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3233-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.8.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.8.0+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.8.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.8.0+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2017:0459-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2017:0459-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871771\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:00:36 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2017:0459-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on\n Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0459-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00022.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.8.0~2.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.8.0~2.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.8.0~2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.8.0~2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:0498 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:0498 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882679\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 09:11:00 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:0498 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0498\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022339.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.8.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "description": "Check the version of firefox", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:0459 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882677", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882677", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0459 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882677\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:01:26 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\",\n \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\",\n \"CVE-2017-5410\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0459 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David\nKohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence\nof Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon\nCoppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as\nthe original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0459\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022327.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.8.0~2.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-25T14:48:34", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402"], "modified": "2019-06-25T00:00:00", "id": "OPENVAS:1361412562310809348", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809348\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\",\n\t\t\"CVE-2017-5407\", \"CVE-2017-5410\", \"CVE-2017-5408\", \"CVE-2017-5405\",\n\t\t\"CVE-2017-5398\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 11:26:44 +0530 (Wed, 08 Mar 2017)\");\n script_name(\"Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - asm.js JIT-spray bypass of ASLR and DEP.\n\n - Memory Corruption when handling ErrorResult.\n\n - Use-after-free working with events in FontFace objects.\n\n - Use-after-free using addRange to add range to an incorrect root object.\n\n - Use-after-free working with ranges in selections.\n\n - Segmentation fault in Skia with canvas operations.\n\n - Pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - Memory corruption during JavaScript garbage collection incremental sweeping.\n\n - Use-after-free in Buffer Storage in libGLES.\n\n - File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.\n\n - Cross-origin reading of video captions in violation of CORS.\n\n - Buffer overflow read in SVG filters.\n\n - Segmentation fault during bidirectional operations.\n\n - File picker can choose incorrect default directory.\n\n - Addressbar spoofing through blob URL.\n\n - Null dereference crash in HttpChannel.\n\n - Addressbar spoofing by dragging and dropping URLs.\n\n - Overly permissive Gecko Media Plugin sandbox regular expression access.\n\n - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.\n\n - Non-existent chrome.manifest file loaded during startup.\n\n - Out of bounds read when parsing HTTP digest authorization responses.\n\n - Repeated authentication prompts lead to DOS attack.\n\n - Javascript: URLs can obfuscate addressbar location.\n\n - FTP response codes can cause use of uninitialized values for ports.\n\n - Print preview spoofing.\n\n - DOS attack by using view-source: protocol repeatedly in one hyperlink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, to delete arbitrary files by leveraging certain local\n file execution, to obtain sensitive information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 45.8 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird 45.8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.8\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:04:29", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-05_2017-07)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5401", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5402", "CVE-2017-5409"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809887", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809887", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-05_2017-07)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809887\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\",\n\t\t\"CVE-2017-5407\", \"CVE-2017-5410\", \"CVE-2017-5409\", \"CVE-2017-5408\",\n\t\t\"CVE-2017-5405\", \"CVE-2017-5398\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 11:16:18 +0530 (Wed, 08 Mar 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-05_2017-07)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The asm.js JIT-spray bypass of ASLR and DEP.\n\n - A memory Corruption when handling ErrorResult.\n\n - An use-after-free working with events in FontFace objects.\n\n - An use-after-free working with ranges in selections.\n\n - A pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - A memory corruption during JavaScript garbage collection incremental sweeping.\n\n - The file deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.\n\n - Cross-origin reading of video captions in violation of CORS.\n\n - The FTP response codes can cause use of uninitialized values for ports.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, to delete arbitrary files by leveraging certain local\n file execution, to obtain sensitive information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 45.8 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR 45.8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.8\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:10:57", "description": "Multiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or spoofing.\n\nWith version 45.8 Debian drops it", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for icedove/thunderbird (DLA-896-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5383", "CVE-2017-5405", "CVE-2017-5373", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5401", "CVE-2017-5380", "CVE-2017-5390", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5376", "CVE-2017-5375", "CVE-2017-5402"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890896", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890896\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_name(\"Debian LTS: Security Advisory for icedove/thunderbird (DLA-896-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00021.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1:45.8.0-3~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or spoofing.\n\nWith version 45.8 Debian drops it's custom branding from the Icedove package\nand ships the mail client as Thunderbird again.\n\nTransition packages for the Icedove packages are provided which\nautomatically upgrade to the new version. Since new binary packages need\nto be installed, make sure to allow that in your upgrade procedure (e.g.\nby using apt-get dist-upgrade instead of apt-get upgrade).\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:45.8.0-3~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "description": "Multiple security issues have been found in Thunderbird, which may may\nlead to the execution of arbitrary code or information leaks.\n\nWith this update, the Icedove packages are de-branded back to the official\nMozilla branding. With the removing of the Debian branding the packages\nare also renamed back to the official names used by Mozilla.\n\nThe Thunderbird package is using a different default profile folder,\nthe default profile folder is now ", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3832-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5383", "CVE-2017-5405", "CVE-2017-5373", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5401", "CVE-2017-5380", "CVE-2017-5390", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5376", "CVE-2017-5375", "CVE-2017-5402"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703832", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703832", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3832.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3832-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703832\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_name(\"Debian Security Advisory DSA 3832-1 (icedove - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 00:00:00 +0200 (Thu, 20 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3832.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 1:45.8.0-3~deb8u1.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in Thunderbird, which may may\nlead to the execution of arbitrary code or information leaks.\n\nWith this update, the Icedove packages are de-branded back to the official\nMozilla branding. With the removing of the Debian branding the packages\nare also renamed back to the official names used by Mozilla.\n\nThe Thunderbird package is using a different default profile folder,\nthe default profile folder is now '$(HOME)/.thunderbird'\n.\nThe users profile folder, that was used in Icedove, will get migrated\nto the new profile folder on the first start, that can take a little bit\nmore time.\n\nPlease read README.Debian for getting more information about the\nchanges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:57:52", "description": "Multiple security issues have been found in Thunderbird, which may may\nlead to the execution of arbitrary code or information leaks.\n\nWith this update, the Icedove packages are de-branded back to the official\nMozilla branding. With the removing of the Debian branding the packages\nare also renamed back to the official names used by Mozilla.\n\nThe Thunderbird package is using a different default profile folder,\nthe default profile folder is now ", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3832-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5408", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5383", "CVE-2017-5405", "CVE-2017-5373", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5401", "CVE-2017-5380", "CVE-2017-5390", "CVE-2017-5398", "CVE-2017-5404", "CVE-2017-5376", "CVE-2017-5375", "CVE-2017-5402"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703832", "href": "http://plugins.openvas.org/nasl.php?oid=703832", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3832.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3832-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703832);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_name(\"Debian Security Advisory DSA 3832-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-04-20 00:00:00 +0200 (Thu, 20 Apr 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3832.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icedove on Debian Linux\");\n script_tag(name: \"insight\", value: \"Icedove is an unbranded Thunderbird mail client suitable for free\ndistribution. It supports different mail accounts (POP, IMAP, Gmail), has an\nintegrated learning Spam filter, and offers easy organization of mails with\ntagging and virtual folders. Also, more features can be added by installing\nextensions.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 1:45.8.0-3~deb8u1.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in Thunderbird, which may may\nlead to the execution of arbitrary code or information leaks.\n\nWith this update, the Icedove packages are de-branded back to the official\nMozilla branding. With the removing of the Debian branding the packages\nare also renamed back to the official names used by Mozilla.\n\nThe Thunderbird package is using a different default profile folder,\nthe default profile folder is now '$(HOME)/.thunderbird' \n.\nThe users profile folder, that was used in Icedove, will get migrated\nto the new profile folder on the first start, that can take a little bit\nmore time.\n\nPlease read README.Debian for getting more information about the\nchanges.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:45.8.0-3~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-06-25T14:48:51", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-11T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2017-09_2017-09 )-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5408", "CVE-2017-5422", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5406", "CVE-2017-5403", "CVE-2017-5401", "CVE-2017-5414", "CVE-2017-5421", "CVE-2017-5413", "CVE-2017-5398", "CVE-2017-5418", "CVE-2017-5425", "CVE-2017-5404", "CVE-2017-5416", "CVE-2017-5419", "CVE-2017-5399", "CVE-2017-5402"], "modified": "2019-06-25T00:00:00", "id": "OPENVAS:1361412562310810838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2017-09_2017-09 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810838\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5403\",\n\t\t\"CVE-2017-5404\", \"CVE-2017-5406\", \"CVE-2017-5407\", \"CVE-2017-5410\",\n\t\t\"CVE-2017-5398\", \"CVE-2017-5408\", \"CVE-2017-5412\", \"CVE-2017-5413\",\n\t\t\"CVE-2017-5414\", \"CVE-2017-5416\", \"CVE-2017-5425\", \"CVE-2017-5399\",\n\t\t\"CVE-2017-5418\", \"CVE-2017-5419\", \"CVE-2017-5405\", \"CVE-2017-5421\",\n\t\t\"CVE-2017-5422\");\n script_bugtraq_id(96654, 96677, 96664, 96691, 96692, 96693, 96694, 96651);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-11 10:24:42 +0530 (Tue, 11 Apr 2017)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2017-09_2017-09 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - asm.js JIT-spray bypass of ASLR and DEP.\n\n - Memory Corruption when handling ErrorResult.\n\n - Use-after-free working with events in FontFace objects.\n\n - Use-after-free using addRange to add range to an incorrect root object.\n\n - Use-after-free working with ranges in selections.\n\n - Segmentation fault in Skia with canvas operations.\n\n - Pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - Memory corruption during JavaScript garbage collection incremental sweeping.\n\n - Use-after-free in Buffer Storage in libGLES.\n\n - Cross-origin reading of video captions in violation of CORS.\n\n - Buffer overflow read in SVG filters.\n\n - Segmentation fault during bidirectional operations.\n\n - File picker can choose incorrect default directory.\n\n - Null dereference crash in HttpChannel.\n\n - Overly permissive Gecko Media Plugin sandbox regular expression access.\n\n - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.\n\n - Out of bounds read when parsing HTTP digest authorization responses.\n\n - Repeated authentication prompts lead to DOS attack.\n\n - FTP response codes can cause use of uninitialized values for ports.\n\n - Print preview spoofing.\n\n - DOS attack by using view-source: protocol repeatedly in one hyperlink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 52.0 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 52.0.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"52.0\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"52.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-11T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2017-09_2017-09 )-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5408", "CVE-2017-5422", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5406", "CVE-2017-5403", "CVE-2017-5401", "CVE-2017-5414", "CVE-2017-5421", "CVE-2017-5413", "CVE-2017-5398", "CVE-2017-5418", "CVE-2017-5404", "CVE-2017-5416", "CVE-2017-5419", "CVE-2017-5411", "CVE-2017-5399", "CVE-2017-5402"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310810837", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810837", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2017-09_2017-09_win.nasl 11888 2018-10-12 15:27:49Z cfischer $\n#\n# Mozilla Thunderbird Security Updates( mfsa_2017-09_2017-09 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810837\");\n script_version(\"$Revision: 11888 $\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5403\",\n\t\t\"CVE-2017-5404\", \"CVE-2017-5406\", \"CVE-2017-5407\", \"CVE-2017-5410\",\n\t\t\"CVE-2017-5411\", \"CVE-2017-5408\", \"CVE-2017-5412\", \"CVE-2017-5413\",\n\t\t\"CVE-2017-5414\", \"CVE-2017-5416\", \"CVE-2017-5398\", \"CVE-2017-5399\",\n\t\t\"CVE-2017-5418\", \"CVE-2017-5419\", \"CVE-2017-5405\", \"CVE-2017-5421\",\n\t\t\"CVE-2017-5422\");\n script_bugtraq_id(96654, 96677, 96664, 96691, 96692, 96693, 96694, 96651);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 17:27:49 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-11 10:18:00 +0530 (Tue, 11 Apr 2017)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2017-09_2017-09 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - asm.js JIT-spray bypass of ASLR and DEP.\n\n - Memory Corruption when handling ErrorResult.\n\n - Use-after-free working with events in FontFace objects.\n\n - Use-after-free using addRange to add range to an incorrect root object.\n\n - Use-after-free working with ranges in selections.\n\n - Segmentation fault in Skia with canvas operations.\n\n - Pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - Memory corruption during JavaScript garbage collection incremental sweeping.\n\n - Use-after-free in Buffer Storage in libGLES.\n\n - Cross-origin reading of video captions in violation of CORS.\n\n - Buffer overflow read in SVG filters.\n\n - Segmentation fault during bidirectional operations.\n\n - File picker can choose incorrect default directory.\n\n - Null dereference crash in HttpChannel.\n\n - Overly permissive Gecko Media Plugin sandbox regular expression access.\n\n - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.\n\n - Out of bounds read when parsing HTTP digest authorization responses.\n\n - Repeated authentication prompts lead to DOS attack.\n\n - FTP response codes can cause use of uninitialized values for ports.\n\n - Print preview spoofing.\n\n - DOS attack by using view-source: protocol repeatedly in one hyperlink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 52.0 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 52.0 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"52.0\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"52.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:34:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-14T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2017:0690-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5408", "CVE-2017-5422", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5427", "CVE-2017-5406", "CVE-2017-5403", "CVE-2017-5401", "CVE-2017-5414", "CVE-2017-5421", "CVE-2017-5413", "CVE-2017-5398", "CVE-2017-5420", "CVE-2017-5426", "CVE-2017-5418", "CVE-2017-5404", "CVE-2017-5416", "CVE-2017-5419", "CVE-2017-5415", "CVE-2017-5399", "CVE-2017-5417", "CVE-2017-5402"], "modified": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562310851523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851523", "sourceData": " # Copyright (C) 2017 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851523\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-14 18:29:26 +0100 (Tue, 14 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5399\", \"CVE-2017-5400\", \"CVE-2017-5401\",\n \"CVE-2017-5402\", \"CVE-2017-5403\", \"CVE-2017-5404\", \"CVE-2017-5405\",\n \"CVE-2017-5406\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\",\n \"CVE-2017-5412\", \"CVE-2017-5413\", \"CVE-2017-5414\", \"CVE-2017-5415\",\n \"CVE-2017-5416\", \"CVE-2017-5417\", \"CVE-2017-5418\", \"CVE-2017-5419\",\n \"CVE-2017-5420\", \"CVE-2017-5421\", \"CVE-2017-5422\", \"CVE-2017-5426\",\n \"CVE-2017-5427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2017:0690-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n MozillaFirefox was updated to Firefox 52.0 (boo#1028391)\n\n * requires NSS = 3.28.3\n\n * Pages containing insecure password fields now display a warning\n directly within username and password fields.\n\n * Send and open a tab from one device to another with Sync\n\n * Removed NPAPI support for plugins other than Flash. Silverlight, Java,\n Acrobat and the like are no longer supported.\n\n * Removed Battery Status API to reduce fingerprinting of users by\n trackers\n\n * MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n (bmo#1334933) CVE-2017-5401: Memory Corruption when handling\n ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with\n events in FontFace\n objects (bmo#1334876) CVE-2017-5403: Use-after-free\n using addRange to add range to an incorrect root object (bmo#1340186)\n CVE-2017-5404: Use-after-free working with ranges in selections\n (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas\n operations (bmo#1306890) CVE-2017-5407: Pixel and history stealing via\n floating-point timing side channel with SVG filters (bmo#1336622)\n CVE-2017-5410: Memory corruption during JavaScript garbage collection\n incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of\n video captions in violation\n of CORS (bmo#1313711) CVE-2017-5412: Buffer overflow\n read in SVG filters (bmo#1328323) CVE-2017-5413: Segmentation fault during\n bidirectional operations (bmo#1337504) CVE-2017-5414: File picker can\n choose incorrect default directory (bmo#1319370) CVE-2017-5415: Addressbar\n spoofing through blob URL (bmo#1321719) CVE-2017-5416: Null dereference\n crash in HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar spoofing by\n dragging and dropping URLs (bmo#791597) CVE-2017-5426: Gecko Media Plugin\n sandbox is not started if seccomp-bpf filter is running (bmo#1257361)\n CVE-2017-5427: Non-existent chrome.manifest file loaded during startup\n (bmo#1295542) CVE-2017-5418: Out of bounds read when parsing HTTP digest\n authorization responses (bmo#1338876) CVE-2017-5419: Repeated\n authentication prompts lead to DOS attack (bmo#1312243) CVE-2017-5420:\n Javascript: URLs can obfuscate addressbar location (bmo#1284395)\n CVE-2017-5405: FTP response codes can cause use of uninitialized values\n for ports (bmo#1336699) CVE-2017-5421: Print preview spoofing\n (bmo#1301876) CVE-2017-5422: DOS attack by using view-source: protocol\n repeatedly in one hyperlink (bmo#1295002) CVE-2017-5399: Memory safety\n bugs fixed in Firefox 52 CVE-2017-5398 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox, on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0690-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.0~55.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk\", rpm:\"java-1_8_0-openjdk~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-accessibility\", rpm:\"java-1_8_0-openjdk-accessibility~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debuginfo\", rpm:\"java-1_8_0-openjdk-debuginfo~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debugsource\", rpm:\"java-1_8_0-openjdk-debugsource~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo\", rpm:\"java-1_8_0-openjdk-demo~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo-debuginfo\", rpm:\"java-1_8_0-openjdk-demo-debuginfo~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel\", rpm:\"java-1_8_0-openjdk-devel~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel-debuginfo\", rpm:\"java-1_8_0-openjdk-devel-debuginfo~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless\", rpm:\"java-1_8_0-openjdk-headless~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless-debuginfo\", rpm:\"java-1_8_0-openjdk-headless-debuginfo~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-src\", rpm:\"java-1_8_0-openjdk-src~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-javadoc\", rpm:\"java-1_8_0-openjdk-javadoc~1.8.0.121~8.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk\", rpm:\"java-1_8_0-openjdk~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-accessibility\", rpm:\"java-1_8_0-openjdk-accessibility~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debuginfo\", rpm:\"java-1_8_0-openjdk-debuginfo~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debugsource\", rpm:\"java-1_8_0-openjdk-debugsource~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo\", rpm:\"java-1_8_0-openjdk-demo~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo-debuginfo\", rpm:\"java-1_8_0-openjdk-demo-debuginfo~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel\", rpm:\"java-1_8_0-openjdk-devel~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel-debuginfo\", rpm:\"java-1_8_0-openjdk-devel-debuginfo~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless\", rpm:\"java-1_8_0-openjdk-headless~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless-debuginfo\", rpm:\"java-1_8_0-openjdk-headless-debuginfo~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-src\", rpm:\"java-1_8_0-openjdk-src~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-javadoc\", rpm:\"java-1_8_0-openjdk-javadoc~1.8.0.121~23.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.0~55.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.28.3~38.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.0~55.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:07:26", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates(mfsa_2017-05_2017-07)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5408", "CVE-2017-5422", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5427", "CVE-2017-5406", "CVE-2017-5403", "CVE-2017-5401", "CVE-2017-5414", "CVE-2017-5421", "CVE-2017-5413", "CVE-2017-5398", "CVE-2017-5420", "CVE-2017-5418", "CVE-2017-5404", "CVE-2017-5416", "CVE-2017-5419", "CVE-2017-5415", "CVE-2017-5399", "CVE-2017-5417", "CVE-2017-5402"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809882", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809882", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates(mfsa_2017-05_2017-07)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809882\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5403\",\n \"CVE-2017-5404\", \"CVE-2017-5406\", \"CVE-2017-5407\", \"CVE-2017-5410\",\n \"CVE-2017-5421\", \"CVE-2017-5422\", \"CVE-2017-5408\", \"CVE-2017-5412\",\n \"CVE-2017-5413\", \"CVE-2017-5414\", \"CVE-2017-5415\", \"CVE-2017-5416\",\n \"CVE-2017-5417\", \"CVE-2017-5399\", \"CVE-2017-5398\", \"CVE-2017-5427\",\n \"CVE-2017-5418\", \"CVE-2017-5419\", \"CVE-2017-5420\", \"CVE-2017-5405\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 11:14:44 +0530 (Wed, 08 Mar 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-05_2017-07)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - asm.js JIT-spray bypass of ASLR and DEP.\n\n - Memory Corruption when handling ErrorResult.\n\n - Use-after-free working with events in FontFace objects.\n\n - Use-after-free using addRange to add range to an incorrect root object.\n\n - Use-after-free working with ranges in selections.\n\n - Segmentation fault in Skia with canvas operations.\n\n - Pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - Memory corruption during JavaScript garbage collection incremental sweeping.\n\n - Use-after-free in Buffer Storage in libGLES.\n\n - File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.\n\n - Cross-origin reading of video captions in violation of CORS.\n\n - Buffer overflow read in SVG filters.\n\n - Segmentation fault during bidirectional operations.\n\n - File picker can choose incorrect default directory.\n\n - Addressbar spoofing through blob URL.\n\n - Null dereference crash in HttpChannel.\n\n - Addressbar spoofing by dragging and dropping URLs.\n\n - Overly permissive Gecko Media Plugin sandbox regular expression access.\n\n - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.\n\n - Non-existent chrome.manifest file loaded during startup.\n\n - Out of bounds read when parsing HTTP digest authorization responses.\n\n - Repeated authentication prompts lead to DOS attack.\n\n - Javascript: URLs can obfuscate addressbar location.\n\n - FTP response codes can cause use of uninitialized values for ports.\n\n - Print preview spoofing.\n\n - DOS attack by using view-source: protocol repeatedly in one hyperlink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 52.0 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox 52.0 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-3216-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5408", "CVE-2017-5422", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5427", "CVE-2017-5406", "CVE-2017-5403", "CVE-2017-5401", "CVE-2017-5414", "CVE-2017-5421", "CVE-2017-5413", "CVE-2017-5398", "CVE-2017-5420", "CVE-2017-5426", "CVE-2017-5418", "CVE-2017-5404", "CVE-2017-5416", "CVE-2017-5419", "CVE-2017-5415", "CVE-2017-5399", "CVE-2017-5417", "CVE-2017-5402"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843122", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3216-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843122\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-31 06:35:49 +0200 (Fri, 31 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5399\", \"CVE-2017-5400\", \"CVE-2017-5401\",\n \"CVE-2017-5402\", \"CVE-2017-5403\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5406\",\n \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\", \"CVE-2017-5412\", \"CVE-2017-5413\",\n \"CVE-2017-5414\", \"CVE-2017-5415\", \"CVE-2017-5416\", \"CVE-2017-5417\", \"CVE-2017-5418\",\n \"CVE-2017-5419\", \"CVE-2017-5420\", \"CVE-2017-5421\", \"CVE-2017-5422\", \"CVE-2017-5426\",\n \"CVE-2017-5427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3216-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3216-1 fixed vulnerabilities in Firefox.\n The update resulted in a startup crash when Firefox is used with XRDP. This\n update fixes the problem. We apologize for the inconvenience. Original advisory\n details: Multiple security issues were discovered in Firefox. If a user were\n tricked in to opening a specially crafted website, an attacker could potentially\n exploit these to bypass same origin restrictions, obtain sensitive information,\n spoof the addressbar, spoof the print dialog, cause a denial of service via\n application crash or hang, or execute arbitrary code. (CVE-2017-5398,\n CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403,\n CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408,\n CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415,\n CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420,\n CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427)\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3216-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3216-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.2+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.2+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.2+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.2+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-3216-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5408", "CVE-2017-5422", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5427", "CVE-2017-5406", "CVE-2017-5403", "CVE-2017-5401", "CVE-2017-5414", "CVE-2017-5421", "CVE-2017-5413", "CVE-2017-5398", "CVE-2017-5420", "CVE-2017-5426", "CVE-2017-5418", "CVE-2017-5404", "CVE-2017-5416", "CVE-2017-5419", "CVE-2017-5415", "CVE-2016-5412", "CVE-2017-5399", "CVE-2017-5417", "CVE-2017-5402"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843080", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3216-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843080\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 05:53:19 +0100 (Wed, 08 Mar 2017)\");\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5399\", \"CVE-2017-5400\", \"CVE-2017-5401\",\n \"CVE-2017-5402\", \"CVE-2017-5403\", \"CVE-2017-5404\", \"CVE-2017-5405\",\n \"CVE-2017-5406\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\",\n \"CVE-2017-5412\", \"CVE-2017-5413\", \"CVE-2017-5414\", \"CVE-2017-5415\",\n \"CVE-2017-5416\", \"CVE-2017-5417\", \"CVE-2017-5418\", \"CVE-2017-5419\",\n \"CVE-2017-5420\", \"CVE-2017-5421\", \"CVE-2017-5422\", \"CVE-2017-5426\",\n \"CVE-2017-5427\", \"CVE-2016-5412\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3216-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n Firefox. If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit these to bypass same origin restrictions,\n obtain sensitive information, spoof the addressbar, spoof the print dialog,\n cause a denial of service via application crash or hang, or execute arbitrary\n code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401,\n CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406,\n CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413,\n CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418,\n CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426,\n CVE-2017-5427)\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3216-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3216-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0+build2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0+build2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0+build2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0+build2-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:08:44", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates(mfsa_2017-05_2017-07)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5408", "CVE-2017-5422", "CVE-2017-5407", "CVE-2017-5400", "CVE-2017-5405", "CVE-2017-5427", "CVE-2017-5406", "CVE-2017-5403", "CVE-2017-5401", "CVE-2017-5414", "CVE-2017-5421", "CVE-2017-5413", "CVE-2017-5398", "CVE-2017-5420", "CVE-2017-5426", "CVE-2017-5418", "CVE-2017-5425", "CVE-2017-5404", "CVE-2017-5416", "CVE-2017-5419", "CVE-2017-5415", "CVE-2017-5411", "CVE-2017-5399", "CVE-2017-5417", "CVE-2017-5402", "CVE-2017-5409"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809808", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates(mfsa_2017-05_2017-07)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809808\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5403\",\n\t\t\"CVE-2017-5404\", \"CVE-2017-5406\", \"CVE-2017-5407\", \"CVE-2017-5410\",\n\t\t\"CVE-2017-5411\", \"CVE-2017-5409\", \"CVE-2017-5408\", \"CVE-2017-5412\",\n\t\t\"CVE-2017-5413\", \"CVE-2017-5414\", \"CVE-2017-5415\", \"CVE-2017-5416\",\n\t\t\"CVE-2017-5417\", \"CVE-2017-5425\", \"CVE-2017-5426\", \"CVE-2017-5427\",\n\t\t\"CVE-2017-5418\", \"CVE-2017-5419\", \"CVE-2017-5420\", \"CVE-2017-5405\",\n\t\t\"CVE-2017-5421\", \"CVE-2017-5422\", \"CVE-2017-5399\", \"CVE-2017-5398\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 11:13:40 +0530 (Wed, 08 Mar 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-05_2017-07)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - asm.js JIT-spray bypass of ASLR and DEP.\n\n - Memory Corruption when handling ErrorResult.\n\n - Use-after-free working with events in FontFace objects.\n\n - Use-after-free using addRange to add range to an incorrect root object.\n\n - Use-after-free working with ranges in selections.\n\n - Segmentation fault in Skia with canvas operations.\n\n - Pixel and history stealing via floating-point timing side channel with SVG filters.\n\n - Memory corruption during JavaScript garbage collection incremental sweeping.\n\n - Use-after-free in Buffer Storage in libGLES.\n\n - File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.\n\n - Cross-origin reading of video captions in violation of CORS.\n\n - Buffer overflow read in SVG filters.\n\n - Segmentation fault during bidirectional operations.\n\n - File picker can choose incorrect default directory.\n\n - Addressbar spoofing through blob URL.\n\n - Null dereference crash in HttpChannel.\n\n - Addressbar spoofing by dragging and dropping URLs.\n\n - Overly permissive Gecko Media Plugin sandbox regular expression access.\n\n - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.\n\n - Non-existent chrome.manifest file loaded during startup.\n\n - Out of bounds read when parsing HTTP digest authorization responses.\n\n - Repeated authentication prompts lead to DOS attack.\n\n - Javascript: URLs can obfuscate addressbar location.\n\n - FTP response codes can cause use of uninitialized values for ports.\n\n - Print preview spoofing.\n\n - DOS attack by using view-source: protocol repeatedly in one hyperlink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, to delete arbitrary files by leveraging certain local\n file execution, to obtain sensitive information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 52.0 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox 52.0 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:27:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-21T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:0765-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851526", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851526", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851526\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:51:13 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:0765-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Firefox was updated to 52.0.1 to fix one security issue:\n\n - CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822,\n MFSA 2017-08)\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0765-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-25T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2017-cd33654294", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2017-cd33654294\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872521\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-25 05:57:09 +0100 (Sat, 25 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2017-cd33654294\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"firefox on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cd33654294\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NAY7J5V7XLXM6AUVQA62BLONQMHFFK4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:06:28", "description": "This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.", "cvss3": {}, "published": "2017-03-20T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810820\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:41:26 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 52.0.1\n on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-18T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2017:0558-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871774", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2017:0558-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871774\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 06:36:58 +0100 (Sat, 18 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2017:0558-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero\nDay Initiative as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0558-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~5.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~52.0~5.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:31", "description": "Check the version of firefox", "cvss3": {}, "published": "2017-03-21T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:0558 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882683", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882683", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0558 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882683\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:50:36 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0558 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\nbrowser.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero\nDay Initiative as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0558\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022344.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~5.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-29T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2017-9e1ccfe586", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872528", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2017-9e1ccfe586\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872528\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-29 06:26:57 +0200 (Wed, 29 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2017-9e1ccfe586\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"firefox on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9e1ccfe586\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2MTBBE3ELRRCBYS64TCE4US6VBLJE7I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~6.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-3238-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843100", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3238-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843100\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:51:05 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3238-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"An integer overflow was discovered in\n Firefox. If a user were tricked in to opening a specially crafted website, an\n attacker could exploit this to cause a denial of service via application crash\n or execute arbitrary code. (CVE-2017-5428)\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3238-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3238-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:06:51", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-20T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810822\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:41:55 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 52.0.1\n on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:05:21", "description": "This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.", "cvss3": {}, "published": "2017-03-20T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810819", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810819\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:40:58 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 52.0.1\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:05:46", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-20T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5428"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810821\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:41:45 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 52.0.1\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:37:10", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405,CVE-2017-5428)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1048)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410", "CVE-2017-5428"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1048.NASL", "href": "https://www.tenable.com/plugins/nessus/99893", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99893);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\",\n \"CVE-2017-5428\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1048)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-5398, CVE-2017-5400,\n CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,\n CVE-2017-5407, CVE-2017-5408, CVE-2017-5410,\n CVE-2017-5405,CVE-2017-5428)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1048\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6a52dec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.0-5.0.1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:56", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405,CVE-2017-5428)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410", "CVE-2017-5428"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1047.NASL", "href": "https://www.tenable.com/plugins/nessus/99892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99892);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\",\n \"CVE-2017-5428\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1047)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2017-5398, CVE-2017-5400,\n CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,\n CVE-2017-5407, CVE-2017-5408, CVE-2017-5410,\n CVE-2017-5405,CVE-2017-5428)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1047\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad017917\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.0-5.0.1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:10", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, AndrA(c) Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : firefox (VZLSA-2017-0459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:firefox", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-0459.NASL", "href": "https://www.tenable.com/plugins/nessus/101435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101435);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\"\n );\n\n script_name(english:\"Virtuozzo 6 : firefox (VZLSA-2017-0459)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5\nand Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, AndrA(c) Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0459.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a5f1631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0459\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.8.0-2.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:14", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : thunderbird (VZLSA-2017-0498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:thunderbird", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-0498.NASL", "href": "https://www.tenable.com/plugins/nessus/101437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101437);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\"\n );\n\n script_name(english:\"Virtuozzo 6 : thunderbird (VZLSA-2017-0498)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5398,\nCVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,\nCVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen,\nand Nathan Froyd as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0498.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be6650d3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0498\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"thunderbird-45.8.0-1.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:14", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, AndrA(c) Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : firefox (VZLSA-2017-0461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:firefox", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0461.NASL", "href": "https://www.tenable.com/plugins/nessus/101436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101436);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\"\n );\n\n script_name(english:\"Virtuozzo 7 : firefox (VZLSA-2017-0461)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, AndrA(c) Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0461.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c15c7bb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0461\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.0-4.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:01", "description": "The remote host is affected by the vulnerability described in GLSA-201705-06 (Mozilla Firefox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information, or spoof content via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-10T00:00:00", "type": "nessus", "title": "GLSA-201705-06 : Mozilla Firefox: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:firefox-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201705-06.NASL", "href": "https://www.tenable.com/plugins/nessus/100083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201705-06.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100083);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"GLSA\", value:\"201705-06\");\n\n script_name(english:\"GLSA-201705-06 : Mozilla Firefox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201705-06\n(Mozilla Firefox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, bypass\n access restriction, access otherwise protected information, or spoof\n content via multiple vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201705-06\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-45.8.0'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-45.8.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 45.8.0\"), vulnerable:make_list(\"lt 45.8.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 45.8.0\"), vulnerable:make_list(\"lt 45.8.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:43", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-14T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0498.NASL", "href": "https://www.tenable.com/plugins/nessus/97717", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0498. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97717);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0498\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0498)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5398,\nCVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,\nCVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen,\nand Nathan Froyd as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5398\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0498\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-45.8.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-45.8.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-45.8.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.8.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-45.8.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-45.8.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-45.8.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-45.8.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-45.8.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.8.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-45.8.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.8.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:51", "description": "This update to Mozilla Thunderbird 45.8.0 fixes security issues and bugs.\n\nThe following security issues from advisory MFSA 2017-07 were fixed.\n(boo#1028391) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts :\n\n - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n\n - CVE-2017-5401: Memory Corruption when handling ErrorResult\n\n - CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)\n\n - CVE-2017-5404: Use-after-free working with ranges in selections\n\n - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters\n\n - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping\n\n - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS\n\n - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)\n\n - CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8\n\nThe following non-security issues were fixed :\n\n - crash when viewing certain IMAP messages", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2017-345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-345.NASL", "href": "https://www.tenable.com/plugins/nessus/97748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-345.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97748);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2017-345)\");\n script_summary(english:\"Check for the openSUSE-2017-345 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Mozilla Thunderbird 45.8.0 fixes security issues and\nbugs.\n\nThe following security issues from advisory MFSA 2017-07 were fixed.\n(boo#1028391) In general, these flaws cannot be exploited through\nemail in Thunderbird because scripting is disabled when reading mail,\nbut are potentially risks in browser or browser-like contexts :\n\n - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n\n - CVE-2017-5401: Memory Corruption when handling\n ErrorResult\n\n - CVE-2017-5402: Use-after-free working with events in\n FontFace objects (bmo#1334876)\n\n - CVE-2017-5404: Use-after-free working with ranges in\n selections\n\n - CVE-2017-5407: Pixel and history stealing via\n floating-point timing side channel with SVG filters\n\n - CVE-2017-5410: Memory corruption during JavaScript\n garbage collection incremental sweeping\n\n - CVE-2017-5408: Cross-origin reading of video captions in\n violation of CORS\n\n - CVE-2017-5405: FTP response codes can cause use of\n uninitialized values for ports (bmo#1336699)\n\n - CVE-2017-5398: Memory safety bugs fixed in Thunderbird\n 45.8\n\nThe following non-security issues were fixed :\n\n - crash when viewing certain IMAP messages\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028391\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-buildsymbols-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debuginfo-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debugsource-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-devel-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-common-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-other-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-buildsymbols-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-debuginfo-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-debugsource-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-devel-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-translations-common-45.8.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-translations-other-45.8.0-39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:39", "description": "This update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20170314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170314_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97751);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20170314)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2017-5398, CVE-2017-5400,\n CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,\n CVE-2017-5407, CVE-2017-5408, CVE-2017-5410,\n CVE-2017-5405)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=7630\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5866eeef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-45.8.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-45.8.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-45.8.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-45.8.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-45.8.0-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.8.0-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:44", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2017:0498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0498.NASL", "href": "https://www.tenable.com/plugins/nessus/97756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0498 and \n# CentOS Errata and Security Advisory 2017:0498 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97756);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0498\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2017:0498)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5398,\nCVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,\nCVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen,\nand Nathan Froyd as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022338.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?885ec8bc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022339.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f620eaa8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022340.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b3bc423\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5398\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.8.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.8.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.8.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:44", "description": "From Red Hat Security Advisory 2017:0498 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-15T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2017-0498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0498.NASL", "href": "https://www.tenable.com/plugins/nessus/97749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0498 and \n# Oracle Linux Security Advisory ELSA-2017-0498 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97749);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0498\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2017-0498)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2017:0498 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.8.0.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2017-5398,\nCVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,\nCVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen,\nand Nathan Froyd as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006784.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-45.8.0-1.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-45.8.0-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:17", "description": "Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application crash or hang, or execute arbitrary code.\n(CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-27T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3233-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3233-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3233-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97973);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"USN\", value:\"3233-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3233-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in Thunderbird. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit these to bypass same\norigin restrictions, obtain sensitive information, cause a denial of\nservice via application crash or hang, or execute arbitrary code.\n(CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,\nCVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408,\nCVE-2017-5410).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3233-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:45.8.0+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:45.8.0+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:45.8.0+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"thunderbird\", pkgver:\"1:45.8.0+build1-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:04", "description": "The remote host is affected by the vulnerability described in GLSA-201705-07 (Mozilla Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Thunderbird.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker, by enticing a user to open a specially crafted email or web page, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, spoof content or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-10T00:00:00", "type": "nessus", "title": "GLSA-201705-07 : Mozilla Thunderbird: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:thunderbird", "p-cpe:/a:gentoo:linux:thunderbird-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201705-07.NASL", "href": "https://www.tenable.com/plugins/nessus/100084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201705-07.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100084);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"GLSA\", value:\"201705-07\");\n\n script_name(english:\"GLSA-201705-07 : Mozilla Thunderbird: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201705-07\n(Mozilla Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Thunderbird.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by enticing a user to open a specially crafted email\n or web page, could possibly execute arbitrary code with the privileges of\n the process, cause a Denial of Service condition, spoof content or obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201705-07\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-45.8.0'\n All Mozilla Thunderbird binary users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-45.8.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 45.8.0\"), vulnerable:make_list(\"lt 45.8.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 45.8.0\"), vulnerable:make_list(\"lt 45.8.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:51", "description": "This update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20170308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170308_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97631", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97631);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20170308)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401,\n CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\n CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=7158\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96d41314\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.8.0-2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.8.0-2.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.8.0-2.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.8.0-2.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:44", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "CentOS 7 : firefox (CESA-2017:0461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0461.NASL", "href": "https://www.tenable.com/plugins/nessus/97613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0461 and \n# CentOS Errata and Security Advisory 2017:0461 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97613);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0461\");\n\n script_name(english:\"CentOS 7 : firefox (CESA-2017:0461)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022334.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43846dbf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5398\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-52.0-4.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:47", "description": "This update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL7.x x86_64 (20170308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170308_FIREFOX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97632", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97632);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL7.x x86_64 (20170308)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401,\n CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\n CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=6699\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56f8f05e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-52.0-4.el7_3\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-52.0-4.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:51", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "RHEL 7 : firefox (RHSA-2017:0461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0461.NASL", "href": "https://www.tenable.com/plugins/nessus/97629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0461. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97629);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0461\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2017:0461)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/advisories/mfsa2017-06\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5410\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0461\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-52.0-4.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-52.0-4.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:55", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : firefox (CESA-2017:0459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-0459.NASL", "href": "https://www.tenable.com/plugins/nessus/97612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0459 and \n# CentOS Errata and Security Advisory 2017:0459 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97612);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0459\");\n\n script_name(english:\"CentOS 5 / 6 : firefox (CESA-2017:0459)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5\nand Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022326.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42c694e2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022327.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b79f2dda\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5398\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-45.8.0-2.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-45.8.0-2.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:44", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : firefox (RHSA-2017:0459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0459.NASL", "href": "https://www.tenable.com/plugins/nessus/97628", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0459. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97628);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0459\");\n\n script_name(english:\"RHEL 5 / 6 : firefox (RHSA-2017:0459)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5\nand Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/advisories/mfsa2017-06\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5410\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0459\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-45.8.0-2.el5_11\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-45.8.0-2.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-45.8.0-2.el6_8\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-45.8.0-2.el6_8\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:44", "description": "From Red Hat Security Advisory 2017:0461 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : firefox (ELSA-2017-0461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0461.NASL", "href": "https://www.tenable.com/plugins/nessus/97627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0461 and \n# Oracle Linux Security Advisory ELSA-2017-0461 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97627);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0461\");\n\n script_name(english:\"Oracle Linux 7 : firefox (ELSA-2017-0461)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2017:0461 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006777.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-52.0-4.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:55", "description": "From Red Hat Security Advisory 2017:0459 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : firefox (ELSA-2017-0459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-0459.NASL", "href": "https://www.tenable.com/plugins/nessus/97626", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0459 and \n# Oracle Linux Security Advisory ELSA-2017-0459 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97626);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"RHSA\", value:\"2017:0459\");\n\n script_name(english:\"Oracle Linux 5 / 6 : firefox (ELSA-2017-0459)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2017:0459 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5\nand Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.8.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5398, CVE-2017-5400,\nCVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407,\nCVE-2017-5408, CVE-2017-5410, CVE-2017-5405)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson,\nDavid Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous,\nEric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru\nChen, and Nathan Froyd as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006775.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006776.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-45.8.0-2.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-45.8.0-2.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:41:39", "description": "The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 45.8. It is, therefore, affected by multiple vulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. (CVE-2017-5408)\n\n - Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_45_8_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/97636", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97636);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\"\n );\n script_bugtraq_id(\n 96651,\n 96654,\n 96664,\n 96677,\n 96693\n );\n script_xref(name:\"MFSA\", value:\"2017-06\");\n\n script_name(english:\"Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is prior to 45.8. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky,\n Christian Holler, Honza Bambas, Jon Coppeard, Randell\n Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd\n reported memory safety bugs present in Firefox 51 and\n Firefox ESR 45.7. Some of these bugs showed evidence of\n memory corruption and we presume that with enough\n effort that some of these could be exploited to run\n arbitrary code. (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray\n allows for a bypass of ASLR and DEP protections leading\n to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an\n ErrorResult references unassigned memory due to a logic\n error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a\n FontFace object after the object has been already been\n destroyed while working with fonts. This results in a\n potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating\n ranges in selections with one node inside a native\n anonymous tree and one node outside of it. This results\n in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in\n the use of uninitialized values for ports in FTP\n operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math\n implementation on a target iframe, a malicious page can\n extract pixel values from a targeted user. This can be\n used to extract history information and read text\n values across domains. This violates same-origin policy\n and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without\n checking for the presence of CORS headers permitting\n such cross-origin use, leading to potential information\n disclosure for video captions. (CVE-2017-5408)\n\n - Memory corruption resulting in a potentially\n exploitable crash during garbage collection of\n JavaScript due errors in how incremental sweeping is\n managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'45.8', severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:38", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-10T00:00:00", "type": "nessus", "title": "Debian DSA-3805-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3805.NASL", "href": "https://www.tenable.com/plugins/nessus/97643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3805. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97643);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"DSA\", value:\"3805\");\n\n script_name(english:\"Debian DSA-3805-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nASLR bypass, information disclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3805\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 45.8.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.8.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:40:29", "description": "The version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.8. It is, therefore, affected by multiple vulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. (CVE-2017-5408)\n\n - Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-10T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 45.8 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_45_8.NASL", "href": "https://www.tenable.com/plugins/nessus/97662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97662);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\"\n );\n script_bugtraq_id(\n 96651,\n 96654,\n 96664,\n 96677,\n 96693\n );\n script_xref(name:\"MFSA\", value:\"2017-07\");\n\n script_name(english:\"Mozilla Thunderbird < 45.8 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a mail client that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Thunderbird installed on the remote macOS or\nMac OS X host is prior to 45.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky,\n Christian Holler, Honza Bambas, Jon Coppeard, Randell\n Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd\n reported memory safety bugs present in Thunderbird\n 45.7. Some of these bugs showed evidence of memory\n corruption, and we presume that with enough effort that\n some of these could be exploited to run arbitrary code.\n (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray\n allows for a bypass of ASLR and DEP protections leading\n to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an\n ErrorResult references unassigned memory due to a logic\n error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a\n FontFace object after the object has been already been\n destroyed while working with fonts. This results in a\n potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating\n ranges in selections with one node inside a native\n anonymous tree and one node outside of it. This results\n in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in\n the use of uninitialized values for ports in FTP\n operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math\n implementation on a target iframe, a malicious page can\n extract pixel values from a targeted user. This can be\n used to extract history information and read text\n values across domains. This violates same-origin policy\n and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without\n checking for the presence of CORS headers permitting\n such cross-origin use, leading to potential information\n disclosure for video captions. (CVE-2017-5408)\n\n - Memory corruption resulting in a potentially\n exploitable crash during garbage collection of\n JavaScript due to errors in how incremental sweeping is\n managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1313711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1321612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1330687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1332550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1332597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1333568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1333887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1334876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1334933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1335450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1336510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1336622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1336699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1338383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1340138\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 45.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (!isnull(is_esr)) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', fix:'45.8', severity:SECURITY_HOLE);\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:40:31", "description": "The version of Mozilla Thunderbird installed on the remote Windows host is prior to 45.8. It is, therefore, affected by multiple vulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. (CVE-2017-5408)\n\n - Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-10T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 45.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_45_8.NASL", "href": "https://www.tenable.com/plugins/nessus/97663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97663);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5410\"\n );\n script_bugtraq_id(\n 96651,\n 96654,\n 96664,\n 96677,\n 96693\n );\n script_xref(name:\"MFSA\", value:\"2017-07\");\n\n script_name(english:\"Mozilla Thunderbird < 45.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Thunderbird installed on the remote Windows\nhost is prior to 45.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky,\n Christian Holler, Honza Bambas, Jon Coppeard, Randell\n Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd\n reported memory safety bugs present in Thunderbird\n 45.7. Some of these bugs showed evidence of memory\n corruption, and we presume that with enough effort that\n some of these could be exploited to run arbitrary code.\n (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray\n allows for a bypass of ASLR and DEP protections leading\n to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an\n ErrorResult references unassigned memory due to a logic\n error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a\n FontFace object after the object has been already been\n destroyed while working with fonts. This results in a\n potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating\n ranges in selections with one node inside a native\n anonymous tree and one node outside of it. This results\n in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in\n the use of uninitialized values for ports in FTP\n operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math\n implementation on a target iframe, a malicious page can\n extract pixel values from a targeted user. This can be\n used to extract history information and read text\n values across domains. This violates same-origin policy\n and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without\n checking for the presence of CORS headers permitting\n such cross-origin use, leading to potential information\n disclosure for video captions. (CVE-2017-5408)\n\n - Memory corruption resulting in a potentially\n exploitable crash during garbage collection of\n JavaScript due to errors in how incremental sweeping is\n managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1313711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1321612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1330687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1332550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1332597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1333568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1333887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1334876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1334933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1335450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1336510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1336622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1336699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1338383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1340138\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 45.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', fix:'45.8', severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:45", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 45.8.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-13T00:00:00", "type": "nessus", "title": "Debian DLA-852-1 : firefox-esr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-dbg", "p-cpe:/a:debian:debian_linux:firefox-esr-dev", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:iceweasel-dbg", "p-cpe:/a:debian:debian_linux:iceweasel-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-as", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-be", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-or", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-852.NASL", "href": "https://www.tenable.com/plugins/nessus/97668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-852-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97668);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n\n script_name(english:\"Debian DLA-852-1 : firefox-esr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nASLR bypass, information disclosure or denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n45.8.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/firefox-esr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-dbg\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-dev\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.8.0esr-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:46", "description": "This update for MozillaFirefox to ESR 45.8 fixes the following issues:\nSecurity issues fixed (bsc#1028391) :\n\n - CVE-2017-5402: Use-after-free working with events in FontFace objects\n\n - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping\n\n - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n\n - CVE-2017-5401: Memory Corruption when handling ErrorResult\n\n - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters\n\n - CVE-2017-5404: Use-after-free working with ranges in selections\n\n - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports\n\n - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS\n\n - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service\n\n - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Bugfixes :\n\n - fix crashes on Itanium (bsc#1027527)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0732-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5409", "CVE-2017-5410"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0732-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97832", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0732-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97832);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5409\", \"CVE-2017-5410\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0732-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox to ESR 45.8 fixes the following issues:\nSecurity issues fixed (bsc#1028391) :\n\n - CVE-2017-5402: Use-after-free working with events in\n FontFace objects\n\n - CVE-2017-5410: Memory corruption during JavaScript\n garbage collection incremental sweeping\n\n - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n\n - CVE-2017-5401: Memory Corruption when handling\n ErrorResult\n\n - CVE-2017-5407: Pixel and history stealing via\n floating-point timing side channel with SVG filters\n\n - CVE-2017-5404: Use-after-free working with ranges in\n selections\n\n - CVE-2017-5405: FTP response codes can cause use of\n uninitialized values for ports\n\n - CVE-2017-5408: Cross-origin reading of video captions in\n violation of CORS\n\n - CVE-2017-5409: File deletion via callback parameter in\n Mozilla Windows Updater and Maintenance Service\n\n - CVE-2017-5398: Memory safety bugs fixed in Firefox 52\n and Firefox ESR 45.8 Bugfixes :\n\n - fix crashes on Itanium (bsc#1027527)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5398/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5400/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5401/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5402/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5404/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5405/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5408/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5409/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5410/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170732-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3713e709\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-MozillaFirefox-13034=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch\nslemap21-MozillaFirefox-13034=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-MozillaFirefox-13034=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-MozillaFirefox-13034=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-MozillaFirefox-13034=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-MozillaFirefox-13034=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-MozillaFirefox-13034=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-MozillaFirefox-13034=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-MozillaFirefox-13034=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-45.8.0esr-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-45.8.0esr-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-45.8.0esr-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-45.8.0esr-68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:43", "description": "This update for MozillaFirefox to ESR 45.8 fixes the following issues:\nSecurity issues fixed (bsc#1028391) :\n\n - CVE-2017-5402: Use-after-free working with events in FontFace objects\n\n - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping\n\n - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n\n - CVE-2017-5401: Memory Corruption when handling ErrorResult\n\n - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters\n\n - CVE-2017-5404: Use-after-free working with ranges in selections\n\n - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports\n\n - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS\n\n - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service\n\n - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0714-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5409", "CVE-2017-5410"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0714-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0714-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97825);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5409\", \"CVE-2017-5410\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0714-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox to ESR 45.8 fixes the following issues:\nSecurity issues fixed (bsc#1028391) :\n\n - CVE-2017-5402: Use-after-free working with events in\n FontFace objects\n\n - CVE-2017-5410: Memory corruption during JavaScript\n garbage collection incremental sweeping\n\n - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n\n - CVE-2017-5401: Memory Corruption when handling\n ErrorResult\n\n - CVE-2017-5407: Pixel and history stealing via\n floating-point timing side channel with SVG filters\n\n - CVE-2017-5404: Use-after-free working with ranges in\n selections\n\n - CVE-2017-5405: FTP response codes can cause use of\n uninitialized values for ports\n\n - CVE-2017-5408: Cross-origin reading of video captions in\n violation of CORS\n\n - CVE-2017-5409: File deletion via callback parameter in\n Mozilla Windows Updater and Maintenance Service\n\n - CVE-2017-5398: Memory safety bugs fixed in Firefox 52\n and Firefox ESR 45.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5398/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5400/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5401/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5402/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5404/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5405/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5408/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5409/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5410/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170714-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be982349\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-392=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-392=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-392=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-392=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-392=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-392=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-392=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-392=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-392=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.8.0esr-102.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.8.0esr-102.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T12:22:44", "description": "The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 45.8. It is, therefore, affected by multiple vulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. (CVE-2017-5408)\n\n - The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. (CVE-2017-5409)\n\n - Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5409", "CVE-2017-5410"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_45_8_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/97638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97638);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-5398\",\n \"CVE-2017-5400\",\n \"CVE-2017-5401\",\n \"CVE-2017-5402\",\n \"CVE-2017-5404\",\n \"CVE-2017-5405\",\n \"CVE-2017-5407\",\n \"CVE-2017-5408\",\n \"CVE-2017-5409\",\n \"CVE-2017-5410\"\n );\n script_bugtraq_id(\n 96651,\n 96654,\n 96664,\n 96677,\n 96693,\n 96696\n );\n script_xref(name:\"MFSA\", value:\"2017-06\");\n\n script_name(english:\"Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote Windows\nhost is prior to 45.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Mozilla developers and community members Boris Zbarsky,\n Christian Holler, Honza Bambas, Jon Coppeard, Randell\n Jesup, Andre Bargull, Kan-Ru Chen, and Nathan Froyd\n reported memory safety bugs present in Firefox 51 and\n Firefox ESR 45.7. Some of these bugs showed evidence of\n memory corruption and we presume that with enough\n effort that some of these could be exploited to run\n arbitrary code. (CVE-2017-5398)\n\n - JIT-spray targeting asm.js combined with a heap spray\n allows for a bypass of ASLR and DEP protections leading\n to potential memory corruption attacks. (CVE-2017-5400)\n\n - A crash triggerable by web content in which an\n ErrorResult references unassigned memory due to a logic\n error. The resulting crash may be exploitable.\n (CVE-2017-5401)\n\n - A use-after-free can occur when events are fired for a\n FontFace object after the object has been already been\n destroyed while working with fonts. This results in a\n potentially exploitable crash. (CVE-2017-5402)\n\n - A use-after-free error can occur when manipulating\n ranges in selections with one node inside a native\n anonymous tree and one node outside of it. This results\n in a potentially exploitable crash. (CVE-2017-5404)\n\n - Certain response codes in FTP connections can result in\n the use of uninitialized values for ports in FTP\n operations. (CVE-2017-5405)\n\n - Using SVG filters that don't use the fixed point math\n implementation on a target iframe, a malicious page can\n extract pixel values from a targeted user. This can be\n used to extract history information and read text\n values across domains. This violates same-origin policy\n and leads to information disclosure. (CVE-2017-5407)\n\n - Video files loaded video captions cross-origin without\n checking for the presence of CORS headers permitting\n such cross-origin use, leading to potential information\n disclosure for video captions. (CVE-2017-5408)\n\n - The Mozilla Windows updater can be called by a\n non-privileged user to delete an arbitrary local file\n by passing a special path to the callback parameter\n through the Mozilla Maintenance Service, which has\n privileged access. Note: This attack requires local\n system access and only affects Windows. Other operating\n systems are not affected. (CVE-2017-5409)\n\n - Memory corruption resulting in a potentially\n exploitable crash during garbage collection of\n JavaScript due errors in how incremental sweeping is\n managed for memory cleanup. (CVE-2017-5410)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.8', severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:36", "description": "Versions of Mozilla Firefox ESR earlier than 45.8 are unpatched for the following vulnerabilities :\n\n - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'js/src/jsgc.cpp' that is triggered as certain input is not properly validated when handling zone groups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'netwerk/streamconv/converters/nsMultiMixedConv.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'netwerk/cache/nsDiskCacheDeviceSQL.cpp' that is triggered when handling cache eviction. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.- A use-after-free condition exists that is triggered when handling NPAPI plugin references. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in 'dom/base/nsDocument.cpp' that is triggered when handling frame request callbacks rescheduling. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'js::array_sort()' function in 'js/src/jsarray.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'cairo_cff_font_write_cid_fontdict()' function in 'cairo-cff-subset.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code.\n - A use-after-free error exists in the 'FontFaceSet' class in 'layout/style/FontFaceSet.cpp' that is triggered when handling events for FontFace objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in the JavaScript Garbage Collection mechanism that is triggered during incremental sweeping on memory cleanups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'dom/bindings/ErrorResult.h' that is triggered when handling ErrorResult references. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A use-after-free error exists that is triggered when handling ranges in selections with one node inside and one node outside of a native anonymous tree. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in the 'HTMLTrackElement::LoadResource()' function in 'dom/html/HTMLTrackElement.cpp' that is triggered as CORS headers are not checked when loading video captions. This may allow a context-dependent attacker to disclose video captions.\n - A path truncation flaw exist in the 'NS_main()' function in 'toolkit/mozapps/update/updater/updater.cpp' that is triggered when passing callback parameters through the Mozilla Maintenance Service. This may allow a local attacker to delete arbitrary files with elevated privileges.\n - A flaw exists in the 'FilterNodeLightingSoftware::SetAttribute()' function template in 'gfx/2d/FilterNodeSoftware.cpp' that is triggered when handling subnormal surfaceScale values. With a specially crafted SVG filter, a context-dependent attacker can perform a side-channel attack, potentially resulting in disclosure of history information or text values across domains.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-08T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5409", "CVE-2017-5410"], "modified": "2019-11-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"], "id": "9987.PRM", "href": "https://www.tenable.com/plugins/nnm/9987", "sourceData": "Binary data 9987.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:19:30", "description": "Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.\n\nWith version 45.8 Debian drops it's custom branding from the Icedove package and ships the mail client as Thunderbird again. Please see the link below for further information:\nhttps://wiki.debian.org/Thunderbird\n\nTransition packages for the Icedove packages are provided which automatically upgrade to the new version. Since new binary packages need to be installed, make sure to allow that in your upgrade procedure (e.g. by using 'apt-get dist-upgrade' instead of 'apt-get upgrade').\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:45.8.0-3~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-19T00:00:00", "type": "nessus", "title": "Debian DLA-896-1 : icedove/thunderbird security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5390", "CVE-2017-5396", "CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:iceowl-extension", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-896.NASL", "href": "https://www.tenable.com/plugins/nessus/99442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-896-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99442);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n\n script_name(english:\"Debian DLA-896-1 : icedove/thunderbird security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Thunderbird\nmail client: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nspoofing.\n\nWith version 45.8 Debian drops it's custom branding from the Icedove\npackage and ships the mail client as Thunderbird again. Please see the\nlink below for further information:\nhttps://wiki.debian.org/Thunderbird\n\nTransition packages for the Icedove packages are provided which\nautomatically upgrade to the new version. Since new binary packages\nneed to be installed, make sure to allow that in your upgrade\nprocedure (e.g. by using 'apt-get dist-upgrade' instead of 'apt-get\nupgrade').\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:45.8.0-3~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.debian.org/Thunderbird\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"1:45.8.0-3~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"1:45.8.0-3~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"1:45.8.0-3~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"1:45.8.0-3~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"1:45.8.0-3~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:19:00", "description": "Multiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks.\n\nWith this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed back to the official names used by Mozilla.\n\nThe Thunderbird package is using a different default profile folder, the default profile folder is now '\\$(HOME)/.thunderbird'. The users profile folder, that was used in Icedove, will get migrated to the new profile folder on the first start, that can take a little bit more time.\n\nPlease read README.Debian for getting more information about the changes.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "Debian DSA-3832-1 : icedove - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5390", "CVE-2017-5396", "CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3832.NASL", "href": "https://www.tenable.com/plugins/nessus/99545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3832. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99545);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5398\", \"CVE-2017-5400\", \"CVE-2017-5401\", \"CVE-2017-5402\", \"CVE-2017-5404\", \"CVE-2017-5405\", \"CVE-2017-5407\", \"CVE-2017-5408\", \"CVE-2017-5410\");\n script_xref(name:\"DSA\", value:\"3832\");\n\n script_name(english:\"Debian DSA-3832-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Thunderbird, which may may\nlead to the execution of arbitrary code or information leaks.\n\nWith this update, the Icedove packages are de-branded back to the\nofficial Mozilla branding. With the removing of the Debian branding\nthe packages are also renamed back to the official names used by\nMozilla.\n\nThe Thunderbird package is using a different default profile folder,\nthe default profile folder is now '\\$(HOME)/.thunderbird'. The users\nprofile folder, that was used in Icedove, will get migrated to the new\nprofile folder on the first start, that can take a little bit more\ntime.\n\nPlease read README.Debian for getting more information about the\nchanges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3832\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1:45.8.0-3~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:45.8.0-3~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:45.8.0-3~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:45.8.0-3~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:45.8.0-3~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:45.8.0-3~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:37", "description": "Versions of Mozilla Firefox prior to 52 are unpatched for the following vulnerabilities :\n\n - A flaw exists that is triggered when using a JIT-spray targeting 'asm.js' in conjunction with a heap spray that may allow a context-dependent attacker to bypass the Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) protection mechanisms.\n - A flaw exists in the 'txMozillaXMLOutput::createResultDocument()' function in 'dom/xslt/xslt/txMozillaXMLOutput.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/network/UDPSocketParent.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'js/src/jit/arm/MacroAssembler-arm.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'nsDocShell::CreateAboutBlankContentViewer()' function in 'docshell/base/nsDocShell.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated when handling SMIL RAII objects. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated when handling accessibles. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'trace()' function in 'xpcom/base/CycleCollectedJSContext.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An integer underflow condition exists in the 'apply_lookup()' function in 'hb-ot-layout-gsubgpos-private.hh' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code.\n - A flaw exists in the 'nsWebBrowser::RemoveWebBrowserListener()' function in 'embedding/browser/nsWebBrowser.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/u2f/U2F.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'Element::DescribeAttribute()' function in 'dom/base/Element.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'xpcom/ds/nsSupportsArray.cpp' that is triggered when handling 'nsISupportsArrays'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/workers/ServiceWorkerPrivate.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'layout/printing/nsPrintEngine.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'netwerk/cache2/CacheIndex.cpp' that is triggered when handling cache index serialization. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'media/webrtc/trunk/webrtc/modules/video_coding/rtt_filter.cc' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists related to the camera system service that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'js/src/jsgc.cpp' that is triggered as certain input is not properly validated when handling zone groups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'netwerk/streamconv/converters/nsMultiMixedConv.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'netwerk/cache/nsDiskCacheDeviceSQL.cpp' that is triggered when handling cache eviction. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A use-after-free condition exists that is triggered when handling NPAPI plugin references. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in 'dom/base/nsDocument.cpp' that is triggered when handling frame request callbacks rescheduling. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'js::array_sort()' function in 'js/src/jsarray.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'cairo_cff_font_write_cid_fontdict()' function in 'cairo-cff-subset.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code.\n - A use-after-free error exists that is triggered when using addRange to add the range to an incorrect root object. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in the 'FontFaceSet' class in 'layout/style/FontFaceSet.cpp' that is triggered when handling events for FontFace objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in the JavaScript Garbage Collection mechanism that is triggered during incremental sweeping on memory cleanups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in 'dom/bindings/ErrorResult.h' that is triggered when handling 'ErrorResult' references. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A use-after-free error exists that is triggered when handling ranges in selections with one node inside and one node outside of a native anonymous tree. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - An out-of-bounds read flaw exists that is triggered when handling SVG filter color value operations. This may allow a context-dependent attacker to potentially disclose sensitive memory contents.\n - A flaw exists in the 'HTMLTrackElement::LoadResource()' function in 'dom/html/HTMLTrackElement.cpp' that is triggered as CORS headers are not checked when loading video captions. This may allow a context-dependent attacker to disclose video captions.\n - A path truncation flaw exist in the 'NS_main()' function in 'toolkit/mozapps/update/updater/updater.cpp' that is triggered when passing callback parameters through the Mozilla Maintenance Service. This may allow a local attacker to delete arbitrary files with elevated privileges.\n - A flaw exists in the 'FilterNodeLightingSoftware::SetAttribute()' function template in 'gfx/2d/FilterNodeSoftware.cpp' that is triggered when handling subnormal surfaceScale values. With a specially crafted SVG filter, a context-dependent attacker can perform a side-channel attack, potentially resulting in disclosure of history information or text values across domains.\n - An out-of-bounds access flaw exists that is triggered when handling bidirectional layout operations. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor.\n - A flaw exists in the 'Location' class in 'dom/base/Location.cpp' that is triggered when using a Blob URL. This may allow a context-dependent attacker to spoof the address bar.\n - A flaw exists in the 'HTMLInputElement' class in 'dom/html/HTMLInputElement.cpp' that is triggered when handling the local default directory for a file picker dialog. This may allow a context-dependent attacker to disclose information e.g. about the operating system or the local account name.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-08T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 52 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5409", "CVE-2017-5410", "CVE-2017-5399", "CVE-2017-5403", "CVE-2017-5412", "CVE-2017-5413", "CVE-2017-5414", "CVE-2017-5415"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "9986.PRM", "href": "https://www.tenable.com/plugins/nnm/9986", "sourceData": "Binary data 9986.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:51", "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues :\n\nMozillaFirefox was updated to Firefox 52.0 (boo#1028391)\n\n - requires NSS >= 3.28.3\n\n - Pages containing insecure password fields now display a warning directly within username and password fields.\n\n - Send and open a tab from one device to another with Sync\n\n - Removed NPAPI support for plugins other than Flash.\n Silverlight, Java, Acrobat and the like are no longer supported.\n\n - Removed Battery Status API to reduce fingerprinting of users by trackers\n\n - MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) CVE-2017-5403:\n Use-after-free using addRange to add range to an incorrect root object (bmo#1340186) CVE-2017-5404:\n Use-after-free working with ranges in selections (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890) CVE-2017-5407:\n Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622) CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711) CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504) CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370) CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar spoofing by draging and dropping URLs (bmo#791597) CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361) CVE-2017-5427: Non-existent chrome.manifest file loaded during startup (bmo#1295542) CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876) CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243) CVE-2017-5420: Javascript: URLs can obfuscate addressbar location (bmo#1284395) CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) CVE-2017-5421: Print preview spoofing (bmo#1301876) CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002) CVE-2017-5399: Memory safety bugs fixed in Firefox 52 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8\n\nmozilla-nss was updated to NSS 3.28.3\n\n - This is a patch release to fix binary compatibility issues. NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation with the NSS compatibility promise. ECParams, which is part of the public API of the freebl/softokn parts of NSS, had been changed to include an additional attribute. That size increase caused crashes or malfunctioning with applications that use that data structure directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey, or potentially other data structures that reference ECParams. The change has been reverted to the original state in bug bmo#1334108. SECKEYECPublicKey had been extended with a new attribute, named 'encoding'. If an application passed type SECKEYECPublicKey to NSS (as part of SECKEYPublicKey), the NSS library read the uninitialized attribute. With this NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the attribute, and will always set it to ECPoint_Undefined. See bug bmo#1340103.\n\n - requires NSPR >= 4.13.1\n\n - update to NSS 3.28.2 This is a stability and compatibility release. Below is a summary of the changes.\n\n - Fixed a NSS 3.28 regression in the signature scheme flexibility that causes connectivity issues between iOS 8 clients and NSS servers with ECDSA certificates (bmo#1334114)\n\n - Fixed a possible crash on some Windows systems (bmo#1323150)\n\n - Fixed a compatibility issue with TLS clients that do not provide a list of supported key exchange groups (bmo#1330612)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2017-344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5398", "CVE-2017-5399", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5403", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5406", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5413", "CVE-2017-5414", "CVE-2017-5415", "CVE-2017-5416", "CVE-2017-5417", "CVE-2017-5418", "CVE-2017-5419", "CVE-2017-5420", "CVE-2017-5421", "CVE-2017-5422", "CVE-2017-5426", "CVE-2017-5427"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefo

Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1048)

Description

Related